Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Project: ofbiz

Dependency CPE GAV Highest Severity CVE Count CPE Confidence Evidence Count
xercesImpl-2.9.1.jar xerces:xercesImpl:2.9.1    0 55
core-3.3.0.jar com.google.zxing:core:3.3.0    0 24
concurrentlinkedhashmap-lru-1.4.2.jar com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru:1.4.2    0 26
ez-vcard-0.9.10.jar com.googlecode.ez-vcard:ez-vcard:0.9.10    0 26
owasp-java-html-sanitizer-20170515.1.jar cpe:/a:owasp-java-html-sanitizer_project:owasp-java-html-sanitizer:20170515.1 com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20170515.1    0 Low 24
libphonenumber-8.8.3.jar com.googlecode.libphonenumber:libphonenumber:8.8.3    0 28
icu4j-59.1.jar com.ibm.icu:icu4j:59.1    0 36
itext-4.2.0.jar com.lowagie:itext:4.2.0    0 24
javax.mail-1.6.0.jar com.sun.mail:javax.mail:1.6.0    0 38
com.springsource.com.sun.syndication-0.9.0.jar com.sun.syndication:com.springsource.com.sun.syndication:0.9.0   0 21
xstream-1.4.10.jar cpe:/a:xstream_project:xstream:1.4.10
cpe:/a:x-stream:xstream:1.4.10
com.thoughtworks.xstream:xstream:1.4.10    0 Low 54
commons-cli-1.3.1.jar commons-cli:commons-cli:1.3.1    0 40
commons-net-3.3.jar commons-net:commons-net:3.3    0 38
commons-validator-1.5.1.jar commons-validator:commons-validator:1.5.1    0 42
juel-impl-2.2.7.jar de.odysseus.juel:juel-impl:2.2.7    0 34
javax.el-api-3.0.1-b04.jar cpe:/a:oracle:glassfish:3.0.1.b04 javax.el:javax.el-api:3.0.1-b04  Medium 2 Low 37
javax.servlet-api-4.0.0.jar javax.servlet:javax.servlet-api:4.0.0    0 38
javax.servlet.jsp-api-2.3.0.jar cpe:/a:oracle:jsp:2.3.0 javax.servlet.jsp:javax.servlet.jsp-api:2.3.0    0 Low 37
ical4j-1.0-rc3-atlassian-11.jar net.fortuna.ical4j:ical4j:1.0-rc3-atlassian-11   0 26
ant-junit-1.10.1.jar org.apache.ant:ant-junit:1.10.1    0 32
axis2-kernel-1.7.6.jar cpe:/a:apache:axis2:1.7.6 org.apache.axis2:axis2-kernel:1.7.6  Medium 2 Low 29
commons-collections4-4.1.jar cpe:/a:apache:commons_collections:4.1 org.apache.commons:commons-collections4:4.1    0 Low 40
commons-csv-1.5.jar org.apache.commons:commons-csv:1.5    0 42
commons-dbcp2-2.1.1.jar org.apache.commons:commons-dbcp2:2.1.1    0 38
geronimo-transaction-3.1.4.jar cpe:/a:apache:geronimo:3.1.4 org.apache.geronimo.components:geronimo-transaction:3.1.4  Low 1 Low 32
geronimo-jms_1.1_spec-1.1.1.jar org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1    0 27
httpclient-cache-4.5.3.jar cpe:/a:apache:httpclient:4.5.3 org.apache.httpcomponents:httpclient-cache:4.5.3    0 Low 33
log4j-api-2.9.1.jar cpe:/a:apache:log4j:2.9.1 org.apache.logging.log4j:log4j-api:2.9.1    0 Low 40
poi-3.17.jar cpe:/a:apache:poi:3.17 org.apache.poi:poi:3.17    0 Low 32
shiro-core-1.4.0.jar cpe:/a:apache:shiro:1.4.0 org.apache.shiro:shiro-core:1.4.0    0 Low 34
tika-core-1.16.jar cpe:/a:apache:tika:1.16 org.apache.tika:tika-core:1.16    0 Low 40
tika-parsers-1.16.jar cpe:/a:apache:tika:1.16 org.apache.tika:tika-parsers:1.16    0 Low 38
tomcat-catalina-ha-8.5.23.jar cpe:/a:apache_software_foundation:tomcat:8.5.23
cpe:/a:apache_tomcat:apache_tomcat:8.5.23
cpe:/a:apache:tomcat:8.5.23
org.apache.tomcat:tomcat-catalina-ha:8.5.23  High 3 Low 27
tomcat-catalina-8.5.23.jar cpe:/a:apache_software_foundation:tomcat:8.5.23
cpe:/a:apache_tomcat:apache_tomcat:8.5.23
cpe:/a:apache:tomcat:8.5.23
org.apache.tomcat:tomcat-catalina:8.5.23  High 3 Low 25
tomcat-jasper-8.5.23.jar cpe:/a:apache_software_foundation:tomcat:8.5.23
cpe:/a:apache_tomcat:apache_tomcat:8.5.23
cpe:/a:apache:tomcat:8.5.23
org.apache.tomcat:tomcat-jasper:8.5.23  High 3 Low 27
tomcat-tribes-8.5.23.jar cpe:/a:apache_software_foundation:tomcat:8.5.23
cpe:/a:apache_tomcat:apache_tomcat:8.5.23
cpe:/a:apache:tomcat:8.5.23
org.apache.tomcat:tomcat-tribes:8.5.23  High 3 Low 27
fop-2.2.jar cpe:/a:apache:formatting_objects_processor:2.2 org.apache.xmlgraphics:fop:2.2    0 Low 33
xmlrpc-client-3.1.3.jar cpe:/a:apache:xml-rpc:3.1.3 org.apache.xmlrpc:xmlrpc-client:3.1.3  High 1 Highest 26
xmlrpc-server-3.1.3.jar cpe:/a:apache:xml-rpc:3.1.3 org.apache.xmlrpc:xmlrpc-server:3.1.3  High 1 Highest 26
groovy-all-2.4.12.jar cpe:/a:apache:groovy:2.4.12 org.codehaus.groovy:groovy-all:2.4.12  Medium 1 Low 40
freemarker-2.3.26-incubating.jar org.freemarker:freemarker:2.3.26-incubating    0 46
hamcrest-all-1.3.jar org.hamcrest:hamcrest-all:1.3    0 24
esapi-2.1.0.1.jar cpe:/a:owasp:enterprise_security_api:2.1.0.1 org.owasp.esapi:esapi:2.1.0.1    0 Low 29
spring-test-4.2.3.RELEASE.jar cpe:/a:vmware:springsource_spring_framework:4.2.3
cpe:/a:pivotal:spring_framework:4.2.3
cpe:/a:pivotal_software:spring_framework:4.2.3
cpe:/a:springsource:spring_framework:4.2.3
org.springframework:spring-test:4.2.3.RELEASE  Medium 2 Highest 33
jackson-databind-java-optional-2.6.1.jar org.zapodot:jackson-databind-java-optional:2.6.1    0 26
oro-2.0.8.jar oro:oro:2.0.8    0 21
wsdl4j-1.6.3.jar wsdl4j:wsdl4j:1.6.3    0 29
jjwt-0.9.0.jar io.jsonwebtoken:jjwt:0.9.0    0 28
jsoup-1.8.3.jar cpe:/a:jsoup:jsoup:1.8.3:a org.jsoup:jsoup:1.8.3  Medium 1 Highest 32
itextpdf-5.5.6.jar com.itextpdf:itextpdf:5.5.6    0 33
activation-1.1.jar javax.activation:activation:1.1    0 29
com.springsource.org.jdom-1.0.0.jar org.jdom:com.springsource.org.jdom:1.0.0   0 12
xmlpull-1.1.3.1.jar xmlpull:xmlpull:1.1.3.1    0 20
xpp3_min-1.1.4c.jar xpp3:xpp3_min:1.1.4c    0 26
commons-digester-1.8.1.jar commons-digester:commons-digester:1.8.1    0 36
commons-logging-1.2.jar commons-logging:commons-logging:1.2    0 38
commons-collections-3.2.2.jar cpe:/a:apache:commons_collections:3.2.2 commons-collections:commons-collections:3.2.2    0 Low 42
junit-4.11.jar junit:junit:4.11    0 24
backport-util-concurrent-3.1.jar backport-util-concurrent:backport-util-concurrent:3.1    0 29
ant-1.10.1.jar org.apache.ant:ant:1.10.1    0 29
axiom-api-1.2.20.jar org.apache.ws.commons.axiom:axiom-api:1.2.20    0 38
axiom-impl-1.2.20.jar org.apache.ws.commons.axiom:axiom-impl:1.2.20    0 34
geronimo-ws-metadata_2.0_spec-1.1.2.jar org.apache.geronimo.specs:geronimo-ws-metadata_2.0_spec:1.1.2    0 27
commons-fileupload-1.3.3.jar cpe:/a:apache:commons_fileupload:1.3.3 commons-fileupload:commons-fileupload:1.3.3    0 Low 42
xmlschema-core-2.2.1.jar org.apache.ws.xmlschema:xmlschema-core:2.2.1    0 31
neethi-3.0.3.jar cpe:/a:apache:apache_test:3.0.3 org.apache.neethi:neethi:3.0.3    0 Low 40
woden-core-1.0M10.jar org.apache.woden:woden-core:1.0M10    0 32
jsr311-api-1.1.1.jar javax.ws.rs:jsr311-api:1.1.1    0 30
commons-pool2-2.4.2.jar org.apache.commons:commons-pool2:2.4.2    0 38
geronimo-j2ee-connector_1.6_spec-1.0.jar org.apache.geronimo.specs:geronimo-j2ee-connector_1.6_spec:1.0    0 31
httpclient-4.5.3.jar cpe:/a:apache:httpclient:4.5.3 org.apache.httpcomponents:httpclient:4.5.3    0 Low 33
commons-codec-1.10.jar commons-codec:commons-codec:1.10    0 40
shiro-lang-1.4.0.jar cpe:/a:apache:shiro:1.4.0 org.apache.shiro:shiro-lang:1.4.0    0 Low 36
shiro-cache-1.4.0.jar cpe:/a:apache:shiro:1.4.0 org.apache.shiro:shiro-cache:1.4.0    0 Low 34
shiro-crypto-hash-1.4.0.jar cpe:/a:apache:shiro:1.4.0 org.apache.shiro:shiro-crypto-hash:1.4.0    0 Low 34
shiro-crypto-cipher-1.4.0.jar cpe:/a:apache:shiro:1.4.0 org.apache.shiro:shiro-crypto-cipher:1.4.0    0 Low 34
shiro-config-core-1.4.0.jar cpe:/a:apache:shiro:1.4.0 org.apache.shiro:shiro-config-core:1.4.0    0 Low 34
shiro-config-ogdl-1.4.0.jar cpe:/a:apache:shiro:1.4.0 org.apache.shiro:shiro-config-ogdl:1.4.0    0 Low 36
shiro-event-1.4.0.jar cpe:/a:apache:shiro:1.4.0 org.apache.shiro:shiro-event:1.4.0    0 Low 34
vorbis-java-tika-0.8.jar cpe:/a:apache:tika:0.8 org.gagravarr:vorbis-java-tika:0.8  High 1 Low 24
jackcess-2.1.8.jar com.healthmarketscience.jackcess:jackcess:2.1.8    0 30
jackcess-encrypt-2.1.2.jar com.healthmarketscience.jackcess:jackcess-encrypt:2.1.2    0 30
jmatio-1.2.jar org.tallison:jmatio:1.2    0 22
apache-mime4j-core-0.8.1.jar cpe:/a:apache:james:0.8.1 org.apache.james:apache-mime4j-core:0.8.1    0 Low 32
apache-mime4j-dom-0.8.1.jar cpe:/a:apache:james:0.8.1 org.apache.james:apache-mime4j-dom:0.8.1    0 Low 34
commons-compress-1.14.jar cpe:/a:apache:commons-compress:1.14 org.apache.commons:commons-compress:1.14    0 Low 44
xz-1.6.jar cpe:/a:tukaani:xz:1.6 org.tukaani:xz:1.6  Medium 1 Low 31
pdfbox-2.0.6.jar cpe:/a:apache:pdfbox:2.0.6 org.apache.pdfbox:pdfbox:2.0.6    0 Low 36
pdfbox-tools-2.0.6.jar cpe:/a:apache:pdfbox:2.0.6 org.apache.pdfbox:pdfbox-tools:2.0.6    0 Low 27
jempbox-1.8.13.jar cpe:/a:apache:pdfbox:1.8.13 org.apache.pdfbox:jempbox:1.8.13    0 Low 36
bcmail-jdk15on-1.54.jar org.bouncycastle:bcmail-jdk15on:1.54    0 47
bcprov-jdk15on-1.54.jar cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.54
cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.54
org.bouncycastle:bcprov-jdk15on:1.54    0 Low 43
poi-scratchpad-3.17-beta1.jar cpe:/a:apache:poi:3.17.beta org.apache.poi:poi-scratchpad:3.17-beta1    0 Low 31
poi-ooxml-3.17-beta1.jar cpe:/a:apache:poi:3.17.beta org.apache.poi:poi-ooxml:3.17-beta1    0 Low 32
tagsoup-1.2.1.jar org.ccil.cowan.tagsoup:tagsoup:1.2.1    0 24
isoparser-1.1.18.jar com.googlecode.mp4parser:isoparser:1.1.18    0 20
metadata-extractor-2.9.1.jar cpe:/a:id:id-software:2.9.1 com.drewnoakes:metadata-extractor:2.9.1    0 Low 22
boilerpipe-1.1.0.jar de.l3s.boilerpipe:boilerpipe:1.1.0    0 24
rome-1.5.1.jar com.rometools:rome:1.5.1    0 27
vorbis-java-core-0.8.jar org.gagravarr:vorbis-java-core:0.8    0 22
juniversalchardet-1.0.3.jar com.googlecode.juniversalchardet:juniversalchardet:1.0.3    0 24
jhighlight-1.0.2.jar org.codelibs:jhighlight:1.0.2    0 24
java-libpst-0.8.1.jar com.pff:java-libpst:0.8.1    0 20
junrar-0.7.jar com.github.junrar:junrar:0.7    0 21
cxf-rt-rs-client-3.0.12.jar cpe:/a:apache:cxf:3.0.12 org.apache.cxf:cxf-rt-rs-client:3.0.12  Medium 4 Highest 36
commons-exec-1.3.jar org.apache.commons:commons-exec:1.3    0 40
opennlp-tools-1.6.0.jar cpe:/a:apache:opennlp:1.6.0 org.apache.opennlp:opennlp-tools:1.6.0  High 1 Highest 34
json-simple-1.1.1.jar com.googlecode.json-simple:json-simple:1.1.1    0 24
json-1.8.jar com.tdunning:json:1.8    0 20
gson-2.8.1.jar com.google.code.gson:gson:2.8.1    0 30
slf4j-api-1.7.24.jar org.slf4j:slf4j-api:1.7.24    0 32
jul-to-slf4j-1.7.24.jar org.slf4j:jul-to-slf4j:1.7.24    0 31
jcl-over-slf4j-1.7.24.jar org.slf4j:jcl-over-slf4j:1.7.24    0 32
netcdf4-4.5.5.jar edu.ucar:netcdf4:4.5.5    0 23
grib-4.5.5.jar edu.ucar:grib:4.5.5    0 27
cdm-4.5.5.jar edu.ucar:cdm:4.5.5    0 27
httpservices-4.5.5.jar edu.ucar:httpservices:4.5.5    0 25
sis-utility-0.6.jar org.apache.sis.core:sis-utility:0.6    0 45
sis-netcdf-0.6.jar org.apache.sis.storage:sis-netcdf:0.6    0 46
sis-metadata-0.6.jar org.apache.sis.core:sis-metadata:0.6    0 47
geoapi-3.0.0.jar org.opengis:geoapi:3.0.0    0 30
sentiment-analysis-parser-0.1.jar edu.usc.ir:sentiment-analysis-parser:0.1    0 24
tomcat-coyote-8.5.23.jar cpe:/a:apache:coyote_http_connector:8.5.23
cpe:/a:apache_software_foundation:tomcat:8.5.23
cpe:/a:apache_tomcat:apache_tomcat:8.5.23
cpe:/a:apache:tomcat:8.5.23
cpe:/a:apache:tomcat_connectors:8.5.23
org.apache.tomcat:tomcat-coyote:8.5.23  High 3 Low 27
tomcat-servlet-api-8.5.23.jar cpe:/a:apache_software_foundation:tomcat:8.5.23
cpe:/a:apache_tomcat:apache_tomcat:8.5.23
cpe:/a:apache:tomcat:8.5.23
org.apache.tomcat:tomcat-servlet-api:8.5.23  High 3 Low 23
tomcat-juli-8.5.23.jar cpe:/a:apache_software_foundation:tomcat:8.5.23 org.apache.tomcat:tomcat-juli:8.5.23    0 Low 25
tomcat-util-8.5.23.jar cpe:/a:apache_software_foundation:tomcat:8.5.23
cpe:/a:apache_tomcat:apache_tomcat:8.5.23
cpe:/a:apache:tomcat:8.5.23
org.apache.tomcat:tomcat-util:8.5.23  High 3 Low 27
tomcat-util-scan-8.5.23.jar cpe:/a:apache_software_foundation:tomcat:8.5.23
cpe:/a:apache_tomcat:apache_tomcat:8.5.23
cpe:/a:apache:tomcat:8.5.23
org.apache.tomcat:tomcat-util-scan:8.5.23  High 3 Low 28
tomcat-jsp-api-8.5.23.jar cpe:/a:apache_software_foundation:tomcat:8.5.23
cpe:/a:apache_tomcat:apache_tomcat:8.5.23
cpe:/a:apache:tomcat:8.5.23
org.apache.tomcat:tomcat-jsp-api:8.5.23  High 3 Low 25
tomcat-annotations-api-8.5.23.jar cpe:/a:apache_software_foundation:tomcat:8.5.23
cpe:/a:apache_tomcat:apache_tomcat:8.5.23
cpe:/a:apache:tomcat:8.5.23
org.apache.tomcat:tomcat-annotations-api:8.5.23  High 3 Low 23
tomcat-api-8.5.23.jar cpe:/a:apache_software_foundation:tomcat:8.5.23
cpe:/a:apache_tomcat:apache_tomcat:8.5.23
cpe:/a:apache:tomcat:8.5.23
org.apache.tomcat:tomcat-api:8.5.23  High 3 Low 25
tomcat-jni-8.5.23.jar cpe:/a:apache_software_foundation:tomcat:8.5.23
cpe:/a:apache_tomcat:apache_tomcat:8.5.23
cpe:/a:apache:tomcat:8.5.23
org.apache.tomcat:tomcat-jni:8.5.23  High 3 Low 27
tomcat-jaspic-api-8.5.23.jar cpe:/a:apache_software_foundation:tomcat:8.5.23
cpe:/a:apache_tomcat:apache_tomcat:8.5.23
cpe:/a:apache:tomcat:8.5.23
org.apache.tomcat:tomcat-jaspic-api:8.5.23  High 3 Low 26
tomcat-el-api-8.5.23.jar cpe:/a:apache_software_foundation:tomcat:8.5.23
cpe:/a:apache_tomcat:apache_tomcat:8.5.23
cpe:/a:apache:tomcat:8.5.23
org.apache.tomcat:tomcat-el-api:8.5.23  High 3 Low 23
ecj-3.12.3.jar org.eclipse.jdt:ecj:3.12.3    0 32
tomcat-jasper-el-8.5.23.jar cpe:/a:apache_software_foundation:tomcat:8.5.23
cpe:/a:apache_tomcat:apache_tomcat:8.5.23
cpe:/a:apache:tomcat:8.5.23
org.apache.tomcat:tomcat-jasper-el:8.5.23  High 3 Low 27
xmlgraphics-commons-2.2.jar org.apache.xmlgraphics:xmlgraphics-commons:2.2    0 33
batik-svg-dom-1.9.jar cpe:/a:apache:batik:1.9 org.apache.xmlgraphics:batik-svg-dom:1.9    0 Low 27
batik-bridge-1.9.jar cpe:/a:apache:batik:1.9 org.apache.xmlgraphics:batik-bridge:1.9    0 Low 26
batik-awt-util-1.9.jar cpe:/a:apache:batik:1.9 org.apache.xmlgraphics:batik-awt-util:1.9    0 Low 27
batik-gvt-1.9.jar cpe:/a:apache:batik:1.9 org.apache.xmlgraphics:batik-gvt:1.9    0 Low 26
batik-transcoder-1.9.jar cpe:/a:apache:batik:1.9 org.apache.xmlgraphics:batik-transcoder:1.9    0 Low 26
batik-extension-1.9.jar cpe:/a:apache:batik:1.9 org.apache.xmlgraphics:batik-extension:1.9    0 Low 27
batik-ext-1.9.jar cpe:/a:apache:batik:1.9 org.apache.xmlgraphics:batik-ext:1.9    0 Low 26
avalon-framework-api-4.3.1.jar org.apache.avalon.framework:avalon-framework-api:4.3.1    0 26
avalon-framework-impl-4.3.1.jar org.apache.avalon.framework:avalon-framework-impl:4.3.1    0 26
xmlrpc-common-3.1.3.jar cpe:/a:apache:xml-rpc:3.1.3 org.apache.xmlrpc:xmlrpc-common:3.1.3  High 1 Highest 26
commons-configuration-1.10.jar commons-configuration:commons-configuration:1.10    0 38
commons-beanutils-core-1.8.3.jar cpe:/a:apache:commons_beanutils:1.8.3 commons-beanutils:commons-beanutils-core:1.8.3  High 1 Low 32
log4j-1.2.17.jar cpe:/a:apache:log4j:1.2.17 log4j:log4j:1.2.17    0 Low 32
xom-1.2.5.jar xom:xom:1.2.5    0 48
bsh-core-2.0b4.jar cpe:/a:beanshell_project:beanshell:2.0.b4 org.beanshell:bsh-core:2.0b4  Medium 1 Low 27
antisamy-1.5.3.jar cpe:/a:antisamy_project:antisamy:1.5.3 org.owasp.antisamy:antisamy:1.5.3  Medium 2 Highest 23
spring-core-4.2.3.RELEASE.jar cpe:/a:vmware:springsource_spring_framework:4.2.3
cpe:/a:pivotal:spring_framework:4.2.3
cpe:/a:pivotal_software:spring_framework:4.2.3
cpe:/a:springsource:spring_framework:4.2.3
org.springframework:spring-core:4.2.3.RELEASE  Medium 2 Highest 29
viewservlets-4.5.0.jar cpe:/a:id:id-software:4.5.0
cpe:/a:eclipse:birt:4.5.0
org.eclipse.birt.runtime:viewservlets:4.5.0    0 Low 24
tomcat-embed-websocket-8.5.23.jar cpe:/a:apache_software_foundation:tomcat:8.5.23
cpe:/a:apache_tomcat:apache_tomcat:8.5.23
cpe:/a:apache:tomcat:8.5.23
org.apache.tomcat.embed:tomcat-embed-websocket:8.5.23    0 Low 27
cas-server-core-3.3.5.jar org.jasig.cas:cas-server-core:3.3.5    0 25
lucene-core-7.1.0.jar org.apache.lucene:lucene-core:7.1.0    0 30
lucene-queryparser-7.1.0.jar org.apache.lucene:lucene-queryparser:7.1.0    0 33
lucene-analyzers-common-7.1.0.jar org.apache.lucene:lucene-analyzers-common:7.1.0    0 32
jug-2.0.0-asl.jar org.safehaus.jug:jug:2.0.0   0 25
poi-excelant-3.14.jar cpe:/a:apache:poi:3.14 org.apache.poi:poi-excelant:3.14  High 1 Highest 35
solr-core-7.1.0.jar cpe:/a:apache:solr:7.1.0 org.apache.solr:solr-core:7.1.0    0 Low 30
hamcrest-core-1.3.jar org.hamcrest:hamcrest-core:1.3    0 27
ant-launcher-1.10.1.jar org.apache.ant:ant-launcher:1.10.1    0 27
geronimo-activation_1.1_spec-1.1.jar org.apache.geronimo.specs:geronimo-activation_1.1_spec:1.1    0 33
jaxen-1.1.6.jar jaxen:jaxen:1.1.6    0 30
geronimo-stax-api_1.0_spec-1.0.1.jar org.apache.geronimo.specs:geronimo-stax-api_1.0_spec:1.0.1    0 27
httpcore-4.4.6.jar org.apache.httpcomponents:httpcore:4.4.6    0 35
shiro-crypto-core-1.4.0.jar cpe:/a:apache:shiro:1.4.0 org.apache.shiro:shiro-crypto-core:1.4.0    0 Low 34
commons-lang-2.6.jar commons-lang:commons-lang:2.6    0 36
pdfbox-debugger-2.0.6.jar cpe:/a:apache:pdfbox:2.0.6 org.apache.pdfbox:pdfbox-debugger:2.0.6    0 Low 27
bcpkix-jdk15on-1.54.jar org.bouncycastle:bcpkix-jdk15on:1.54    0 43
xmpcore-5.1.2.jar com.adobe.xmp:xmpcore:5.1.2    0 36
rome-utils-1.5.1.jar com.rometools:rome-utils:1.5.1    0 26
commons-vfs2-2.0.jar org.apache.commons:commons-vfs2:2.0    0 34
cxf-rt-transports-http-3.0.12.jar cpe:/a:apache:cxf:3.0.12 org.apache.cxf:cxf-rt-transports-http:3.0.12  Medium 4 Highest 36
cxf-core-3.0.12.jar cpe:/a:apache:cxf:3.0.12 org.apache.cxf:cxf-core:3.0.12  Medium 4 Highest 36
cxf-rt-frontend-jaxrs-3.0.12.jar cpe:/a:apache:cxf:3.0.12 org.apache.cxf:cxf-rt-frontend-jaxrs:3.0.12  Medium 4 Highest 36
jcip-annotations-1.0.jar net.jcip:jcip-annotations:1.0    0 22
jna-4.1.0.jar net.java.dev.jna:jna:4.1.0    0 36
jdom2-2.0.4.jar org.jdom:jdom2:2.0.4    0 45
bzip2-0.9.1.jar cpe:/a:bzip:bzip2:0.9.1 org.itadaki:bzip2:0.9.1  Medium 3 Low 22
udunits-4.5.5.jar edu.ucar:udunits:4.5.5    0 27
joda-time-2.2.jar joda-time:joda-time:2.2    0 36
quartz-2.2.0.jar org.quartz-scheduler:quartz:2.2.0    0 40
ehcache-core-2.6.2.jar net.sf.ehcache:ehcache-core:2.6.2    0 21
jcommander-1.35.jar com.beust:jcommander:1.35    0 24
sis-storage-0.6.jar org.apache.sis.storage:sis-storage:0.6    0 46
sis-referencing-0.6.jar org.apache.sis.core:sis-referencing:0.6    0 47
jsr-275-0.9.3.jar javax.measure:jsr-275:0.9.3    0 28
batik-dom-1.9.jar cpe:/a:apache:batik:1.9 org.apache.xmlgraphics:batik-dom:1.9    0 Low 26
batik-parser-1.9.jar cpe:/a:apache:batik:1.9 org.apache.xmlgraphics:batik-parser:1.9    0 Low 26
batik-util-1.9.jar cpe:/a:apache:batik:1.9 org.apache.xmlgraphics:batik-util:1.9    0 Low 26
xml-apis-1.3.04.jar xml-apis:xml-apis:1.3.04    0 51
xml-apis-ext-1.3.04.jar xml-apis:xml-apis-ext:1.3.04    0 37
batik-anim-1.9.jar cpe:/a:apache:batik:1.9 org.apache.xmlgraphics:batik-anim:1.9    0 Low 27
batik-script-1.9.jar cpe:/a:apache:batik:1.9 org.apache.xmlgraphics:batik-script:1.9    0 Low 26
batik-xml-1.9.jar cpe:/a:apache:batik:1.9 org.apache.xmlgraphics:batik-xml:1.9    0 Low 26
xalan-2.7.2.jar cpe:/a:apache:xalan-java:2.7.2 xalan:xalan:2.7.2    0 Low 43
batik-svggen-1.9.jar cpe:/a:apache:batik:1.9 org.apache.xmlgraphics:batik-svggen:1.9    0 Low 26
ws-commons-util-1.0.2.jar org.apache.ws.commons.util:ws-commons-util:1.0.2    0 29
nekohtml-1.9.16.jar net.sourceforge.nekohtml:nekohtml:1.9.16    0 25
commons-httpclient-3.1.jar cpe:/a:apache:httpclient:3.1
cpe:/a:apache:commons-httpclient:3.1
commons-httpclient:commons-httpclient:3.1  Medium 3 Low 31
axis-1.4.jar cpe:/a:apache:axis:1.4 org.apache.axis:axis:1.4  Medium 2 Highest 25
commons-discovery-0.5.jar commons-discovery:commons-discovery:0.5    0 36
org.eclipse.birt.runtime-4.4.1.jar cpe:/a:eclipse:birt:4.4.1 org.eclipse.birt.runtime:org.eclipse.birt.runtime:4.4.1    0 Low 27
tomcat-embed-core-8.5.23.jar cpe:/a:apache_software_foundation:tomcat:8.5.23
cpe:/a:apache_tomcat:apache_tomcat:8.5.23
cpe:/a:apache:tomcat:8.5.23
org.apache.tomcat.embed:tomcat-embed-core:8.5.23    0 Low 23
person-directory-impl-1.5.0-RC5.jar org.jasig.service:person-directory-impl:1.5.0-RC5    0 27
jdom-1.0.jar jdom:jdom:1.0    0 40
spring-orm-2.5.6.SEC01.jar cpe:/a:springsource:spring_framework:2.5.6.sec01
cpe:/a:pivotal:spring_framework:2.5.6.sec01
cpe:/a:pivotal_software:spring_framework:2.5.6.sec01
cpe:/a:vmware:springsource_spring_framework:2.5.6.sec01
org.springframework:spring-orm:2.5.6.SEC01  High 7 Low 35
spring-jdbc-2.5.6.SEC01.jar cpe:/a:springsource:spring_framework:2.5.6.sec01
cpe:/a:pivotal:spring_framework:2.5.6.sec01
cpe:/a:pivotal_software:spring_framework:2.5.6.sec01
cpe:/a:vmware:springsource_spring_framework:2.5.6.sec01
org.springframework:spring-jdbc:2.5.6.SEC01  High 7 Low 35
spring-webmvc-2.5.6.SEC01.jar cpe:/a:springsource:spring_framework:2.5.6.sec01
cpe:/a:pivotal:spring_framework:2.5.6.sec01
cpe:/a:pivotal_software:spring_framework:2.5.6.sec01
cpe:/a:vmware:springsource_spring_framework:2.5.6.sec01
org.springframework:spring-webmvc:2.5.6.SEC01  High 7 Low 37
hibernate-annotations-3.3.1.GA.jar org.hibernate:hibernate-annotations:3.3.1.GA    0 30
xmlsec-1.4.3.jar cpe:/a:apache:santuario_xml_security_for_java:1.4.3
cpe:/a:xmlsec_project:xmlsec:1.4.3
cpe:/a:apache:xml_security_for_java:1.4.3
org.apache.santuario:xmlsec:1.4.3  Medium 1 Highest 30
opensaml-1.1b.jar cpe:/a:shibboleth:opensaml:1.1 org.opensaml:opensaml1:1.1  Medium 1 Low 29
persistence-api-1.0.jar cpe:/a:id:id-software:1.0 javax.persistence:persistence-api:1.0    0 Low 29
xmldsig-1.0.jar cpe:/a:jasper_project:jasper:1.0.1 com.hynnet:jasper-xml-dsig:1.0.1  High 35 Low 34
inspektr-core-0.7.0.jar org.inspektr:inspektr-core:0.7.0   0 21
spring-webflow-1.0.6.jar cpe:/a:pivotal:spring_framework:1.0.6
cpe:/a:vmware:springsource_spring_framework:1.0.6
cpe:/a:pivotal:spring_web_flow:1.0.6
cpe:/a:pivotal_software:spring_framework:1.0.6
cpe:/a:springsource:spring_framework:1.0.6
org.springframework:spring-webflow:1.0.6  High 7 Low 33
lucene-queries-7.1.0.jar org.apache.lucene:lucene-queries:7.1.0    0 33
lucene-sandbox-7.1.0.jar org.apache.lucene:lucene-sandbox:7.1.0    0 30
xmlbeans-2.6.0.jar org.apache.xmlbeans:xmlbeans:2.6.0    0 30
lucene-analyzers-kuromoji-7.1.0.jar org.apache.lucene:lucene-analyzers-kuromoji:7.1.0    0 33
lucene-analyzers-phonetic-7.1.0.jar org.apache.lucene:lucene-analyzers-phonetic:7.1.0    0 33
lucene-backward-codecs-7.1.0.jar org.apache.lucene:lucene-backward-codecs:7.1.0    0 33
lucene-classification-7.1.0.jar org.apache.lucene:lucene-classification:7.1.0    0 32
lucene-codecs-7.1.0.jar org.apache.lucene:lucene-codecs:7.1.0    0 32
lucene-expressions-7.1.0.jar cpe:/a:values_project:values:7.1.0 org.apache.lucene:lucene-expressions:7.1.0    0 Low 33
lucene-grouping-7.1.0.jar org.apache.lucene:lucene-grouping:7.1.0    0 33
lucene-highlighter-7.1.0.jar org.apache.lucene:lucene-highlighter:7.1.0    0 32
lucene-join-7.1.0.jar org.apache.lucene:lucene-join:7.1.0    0 33
lucene-memory-7.1.0.jar org.apache.lucene:lucene-memory:7.1.0    0 33
lucene-misc-7.1.0.jar org.apache.lucene:lucene-misc:7.1.0    0 30
lucene-spatial-extras-7.1.0.jar org.apache.lucene:lucene-spatial-extras:7.1.0    0 32
lucene-spatial3d-7.1.0.jar org.apache.lucene:lucene-spatial3d:7.1.0    0 33
lucene-suggest-7.1.0.jar org.apache.lucene:lucene-suggest:7.1.0    0 33
solr-solrj-7.1.0.jar cpe:/a:apache:solr:7.1.0 org.apache.solr:solr-solrj:7.1.0    0 Low 33
hppc-0.7.1.jar com.carrotsearch:hppc:0.7.1    0 24
jackson-dataformat-smile-2.5.4.jar cpe:/a:fasterxml:jackson:2.5.4 com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.5.4    0 Low 40
caffeine-2.4.0.jar com.github.ben-manes.caffeine:caffeine:2.4.0    0 30
t-digest-3.1.jar com.tdunning:t-digest:3.1    0 24
dom4j-1.6.1.jar dom4j:dom4j:1.6.1    0 31
gmetric4j-1.0.7.jar info.ganglia.gmetric4j:gmetric4j:1.0.7    0 25
metrics-core-3.2.2.jar io.dropwizard.metrics:metrics-core:3.2.2    0 27
metrics-ganglia-3.2.2.jar io.dropwizard.metrics:metrics-ganglia:3.2.2    0 27
metrics-graphite-3.2.2.jar cpe:/a:graphite_project:graphite:3.2.2 io.dropwizard.metrics:metrics-graphite:3.2.2    0 Low 27
metrics-jetty9-3.2.2.jar cpe:/a:jetty:jetty:3.2.2 io.dropwizard.metrics:metrics-jetty9:3.2.2    0 Low 27
metrics-jvm-3.2.2.jar io.dropwizard.metrics:metrics-jvm:3.2.2    0 27
eigenbase-properties-1.1.5.jar net.hydromatic:eigenbase-properties:1.1.5    0 32
antlr4-runtime-4.5.1-1.jar org.antlr:antlr4-runtime:4.5.1-1    0 34
calcite-core-1.13.0.jar org.apache.calcite:calcite-core:1.13.0    0 29
calcite-linq4j-1.13.0.jar org.apache.calcite:calcite-linq4j:1.13.0    0 29
avatica-core-1.10.0.jar org.apache.calcite.avatica:avatica-core:1.10.0    0 29
commons-lang3-3.6.jar org.apache.commons:commons-lang3:3.6    0 42
curator-client-2.8.0.jar org.apache.curator:curator-client:2.8.0    0 28
curator-framework-2.8.0.jar cpe:/a:apache:zookeeper:2.8.0 org.apache.curator:curator-framework:2.8.0  Medium 2 Low 28
curator-recipes-2.8.0.jar cpe:/a:apache:zookeeper:2.8.0 org.apache.curator:curator-recipes:2.8.0  Medium 2 Low 28
hadoop-annotations-2.7.4.jar cpe:/a:apache:hadoop:2.7.4 org.apache.hadoop:hadoop-annotations:2.7.4    0 Low 26
hadoop-auth-2.7.4.jar cpe:/a:apache:hadoop:2.7.4 org.apache.hadoop:hadoop-auth:2.7.4    0 Low 27
hadoop-common-2.7.4.jar cpe:/a:apache:hadoop:2.7.4 org.apache.hadoop:hadoop-common:2.7.4    0 Low 24
hadoop-hdfs-2.7.4.jar cpe:/a:apache:hadoop:2.7.4 org.apache.hadoop:hadoop-hdfs:2.7.4    0 Low 26
htrace-core-3.2.0-incubating.jar cpe:/a:fasterxml:jackson:3.2.0 org.apache.htrace:htrace-core:3.2.0-incubating    0 Low 33
zookeeper-3.4.10.jar cpe:/a:apache:zookeeper:3.4.10 org.apache.zookeeper:zookeeper:3.4.10  Low 1 Low 29
jackson-core-asl-1.9.13.jar cpe:/a:fasterxml:jackson:1.9.13 org.codehaus.jackson:jackson-core-asl:1.9.13    0 Low 36
jackson-mapper-asl-1.9.13.jar cpe:/a:fasterxml:jackson:1.9.13 org.codehaus.jackson:jackson-mapper-asl:1.9.13    0 Low 36
commons-compiler-2.7.6.jar cpe:/a:super_project:super:2.7.6 org.codehaus.janino:commons-compiler:2.7.6    0 Low 29
janino-2.7.6.jar cpe:/a:super_project:super:2.7.6 org.codehaus.janino:janino:2.7.6    0 Low 32
stax2-api-3.1.4.jar org.codehaus.woodstox:stax2-api:3.1.4    0 30
jetty-continuation-9.3.20.v20170531.jar cpe:/a:eclipse:jetty:9.3.20.v20170531
cpe:/a:jetty:jetty:9.3.20.v20170531
org.eclipse.jetty:jetty-continuation:9.3.20.v20170531  Medium 1 Low 42
jetty-deploy-9.3.20.v20170531.jar cpe:/a:eclipse:jetty:9.3.20.v20170531
cpe:/a:jetty:jetty:9.3.20.v20170531
org.eclipse.jetty:jetty-deploy:9.3.20.v20170531  Medium 1 Low 42
jetty-http-9.3.20.v20170531.jar cpe:/a:eclipse:jetty:9.3.20.v20170531
cpe:/a:jetty:jetty:9.3.20.v20170531
org.eclipse.jetty:jetty-http:9.3.20.v20170531  Medium 1 Low 40
jetty-io-9.3.20.v20170531.jar org.eclipse.jetty:jetty-io:9.3.20.v20170531    0 40
jetty-jmx-9.3.20.v20170531.jar cpe:/a:eclipse:jetty:9.3.20.v20170531
cpe:/a:jetty:jetty:9.3.20.v20170531
org.eclipse.jetty:jetty-jmx:9.3.20.v20170531  Medium 1 Low 42
jetty-rewrite-9.3.20.v20170531.jar cpe:/a:eclipse:jetty:9.3.20.v20170531
cpe:/a:jetty:jetty:9.3.20.v20170531
org.eclipse.jetty:jetty-rewrite:9.3.20.v20170531  Medium 1 Low 42
jetty-security-9.3.20.v20170531.jar cpe:/a:eclipse:jetty:9.3.20.v20170531
cpe:/a:jetty:jetty:9.3.20.v20170531
org.eclipse.jetty:jetty-security:9.3.20.v20170531  Medium 1 Low 42
jetty-server-9.3.20.v20170531.jar cpe:/a:eclipse:jetty:9.3.20.v20170531
cpe:/a:jetty:jetty:9.3.20.v20170531
org.eclipse.jetty:jetty-server:9.3.20.v20170531  Medium 1 Low 42
jetty-servlet-9.3.20.v20170531.jar cpe:/a:eclipse:jetty:9.3.20.v20170531
cpe:/a:jetty:jetty:9.3.20.v20170531
org.eclipse.jetty:jetty-servlet:9.3.20.v20170531  Medium 1 Low 42
jetty-servlets-9.3.20.v20170531.jar cpe:/a:eclipse:jetty:9.3.20.v20170531
cpe:/a:jetty:jetty:9.3.20.v20170531
org.eclipse.jetty:jetty-servlets:9.3.20.v20170531  Medium 1 Low 42
jetty-util-9.3.20.v20170531.jar cpe:/a:eclipse:jetty:9.3.20.v20170531
cpe:/a:jetty:jetty:9.3.20.v20170531
org.eclipse.jetty:jetty-util:9.3.20.v20170531  Medium 1 Low 42
jetty-webapp-9.3.20.v20170531.jar cpe:/a:eclipse:jetty:9.3.20.v20170531
cpe:/a:jetty:jetty:9.3.20.v20170531
org.eclipse.jetty:jetty-webapp:9.3.20.v20170531  Medium 1 Low 42
jetty-xml-9.3.20.v20170531.jar cpe:/a:eclipse:jetty:9.3.20.v20170531
cpe:/a:jetty:jetty:9.3.20.v20170531
org.eclipse.jetty:jetty-xml:9.3.20.v20170531  Medium 1 Low 42
spatial4j-0.6.jar org.locationtech.spatial4j:spatial4j:0.6    0 32
noggit-0.8.jar org.noggit:noggit:0.8    0 20
asm-commons-5.1.jar org.ow2.asm:asm-commons:5.1    0 34
org.restlet-2.3.0.jar cpe:/a:restlet:restlet_framework:2.3.0
cpe:/a:restlet:restlet:2.3.0
org.restlet.jee:org.restlet:2.3.0   0 Low 10
org.restlet.ext.servlet-2.3.0.jar cpe:/a:restlet:restlet_framework:2.3.0
cpe:/a:restlet:restlet:2.3.0
org.restlet.jee:org.restlet.ext.servlet:2.3.0   0 Low 13
maven-scm-api-1.4.jar org.apache.maven.scm:maven-scm-api:1.4    0 27
maven-scm-provider-svnexe-1.4.jar org.apache.maven.scm:maven-scm-provider-svnexe:1.4    0 27
javax.ws.rs-api-2.0.1.jar cpe:/a:restful_web_services_project:restful_web_services:2.0.1
cpe:/a:restful_project:restful:2.0.1
javax.ws.rs:javax.ws.rs-api:2.0.1    0 Low 38
javax.annotation-api-1.2.jar javax.annotation:javax.annotation-api:1.2    0 40
c3p0-0.9.1.1.jar c3p0:c3p0:0.9.1.1    0 28
batik-constants-1.9.jar cpe:/a:apache:batik:1.9 org.apache.xmlgraphics:batik-constants:1.9    0 Low 27
batik-i18n-1.9.jar cpe:/a:apache:batik:1.9 org.apache.xmlgraphics:batik-i18n:1.9    0 Low 26
org.eclipse.core.expressions-3.4.500.v20130515-1343.jar cpe:/a:eclipse:birt:3.4.500.v20130515
cpe:/a:id:id-software:3.4.500.v20130515
org.eclipse.birt.runtime:org.eclipse.core.expressions:3.4.500.v20130515-1343    0 Low 35
org.eclipse.emf.ecore.xmi-2.10.1.v20140901-1043.jar cpe:/a:eclipse:birt:2.10.1.v20140901 org.eclipse.birt.runtime:org.eclipse.emf.ecore.xmi:2.10.1.v20140901-1043    0 Low 35
org.eclipse.datatools.connectivity.oda.design-3.3.6.v201212070447.jar cpe:/a:eclipse:birt:3.3.6.v20121207 org.eclipse.birt.runtime:org.eclipse.datatools.connectivity.oda.design:3.3.6.v201212070447    0 Low 35
org.eclipse.datatools.enablement.oda.xml-1.2.5.v201305031101.jar cpe:/a:eclipse:birt:1.2.5.v20130503 org.eclipse.birt.runtime:org.eclipse.datatools.enablement.oda.xml:1.2.5.v201305031101  Medium 1 Low 35
org.eclipse.datatools.enablement.oda.ws-1.2.6.v201403131825.jar cpe:/a:eclipse:birt:1.2.6.v20140313 org.eclipse.birt.runtime:org.eclipse.datatools.enablement.oda.ws:1.2.6.v201403131825  Medium 1 Low 35
org.eclipse.core.runtime-3.9.0.v20130326-1255.jar cpe:/a:eclipse:birt:3.9.0.v20130326 org.eclipse.birt.runtime:org.eclipse.core.runtime:3.9.0.v20130326-1255    0 Low 34
org.eclipse.equinox.app-1.3.100.v20130327-1442.jar cpe:/a:eclipse:birt:1.3.100.v20130327
cpe:/a:id:id-software:1.3.100.v20130327
org.eclipse.birt.runtime:org.eclipse.equinox.app:1.3.100.v20130327-1442  Medium 1 Low 40
com.ibm.icu-50.1.1.v201304230130.jar cpe:/a:id:id-software:50.1.1.v20130423
cpe:/a:eclipse:birt:50.1.1.v20130423
org.eclipse.birt.runtime:com.ibm.icu:50.1.1.v201304230130    0 Low 33
org.eclipse.equinox.registry-3.5.400.v20140428-1507.jar cpe:/a:id:id-software:3.5.400.v20140428
cpe:/a:eclipse:birt:3.5.400.v20140428
org.eclipse.birt.runtime:org.eclipse.equinox.registry:3.5.400.v20140428-1507    0 Low 38
org.eclipse.datatools.connectivity.dbdefinition.genericJDBC-1.0.1.v201107221459.jar cpe:/a:eclipse:birt:1.0.1.v20110722 org.eclipse.birt.runtime:org.eclipse.datatools.connectivity.dbdefinition.genericJDBC:1.0.1.v201107221459  Medium 1 Low 25
org.eclipse.osgi-3.10.1.v20140909-1633.jar cpe:/a:eclipse:birt:3.10.1.v20140909
cpe:/a:id:id-software:3.10.1.v20140909
org.eclipse.birt.runtime:org.eclipse.osgi:3.10.1.v20140909-1633    0 Low 36
org.eclipse.emf.common-2.10.1.v20140901-1043.jar cpe:/a:eclipse:birt:2.10.1.v20140901
cpe:/a:id:id-software:2.10.1.v20140901
org.eclipse.birt.runtime:org.eclipse.emf.common:2.10.1.v20140901-1043    0 Low 35
org.eclipse.datatools.connectivity.sqm.core-1.2.8.v201401230755.jar cpe:/a:eclipse:birt:1.2.8.v20140123 org.eclipse.birt.runtime:org.eclipse.datatools.connectivity.sqm.core:1.2.8.v201401230755  Medium 1 Low 35
org.eclipse.datatools.connectivity.oda.consumer-3.2.6.v201305170644.jar cpe:/a:eclipse:birt:3.2.6.v20130517 org.eclipse.birt.runtime:org.eclipse.datatools.connectivity.oda.consumer:3.2.6.v201305170644    0 Low 35
org.eclipse.core.jobs-3.6.0.v20140424-0053.jar cpe:/a:id:id-software:3.6.0.v20140424
cpe:/a:eclipse:birt:3.6.0.v20140424
org.eclipse.birt.runtime:org.eclipse.core.jobs:3.6.0.v20140424-0053    0 Low 35
org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition-1.0.4.v201107221502.jar cpe:/a:ibm:db2:1.0.4.v20110722 org.eclipse.birt.runtime:org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition:1.0.4.v201107221502  High 23 Low 25
org.eclipse.osgi.services-3.3.100.v20130513-1956.jar org.eclipse.birt.runtime:org.eclipse.osgi.services:3.3.100.v20130513-1956    0 34
org.eclipse.core.contenttype-3.4.200.v20130326-1255.jar cpe:/a:id:id-software:3.4.200.v20130326
cpe:/a:eclipse:birt:3.4.200.v20130326
org.eclipse.birt.runtime:org.eclipse.core.contenttype:3.4.200.v20130326-1255    0 Low 35
org.eclipse.emf.ecore.change-2.10.0.v20140901-1043.jar cpe:/a:eclipse:birt:2.10.0.v20140901
cpe:/a:id:id-software:2.10.0.v20140901
org.eclipse.birt.runtime:org.eclipse.emf.ecore.change:2.10.0.v20140901-1043    0 Low 35
org.eclipse.datatools.connectivity.oda.profile-3.2.9.v201403131814.jar cpe:/a:eclipse:birt:3.2.9.v20140313 org.eclipse.birt.runtime:org.eclipse.datatools.connectivity.oda.profile:3.2.9.v201403131814    0 Low 35
org.eclipse.core.filesystem-1.4.0.v20130514-1240.jar cpe:/a:id:id-software:1.4.0.v20130514
cpe:/a:eclipse:birt:1.4.0.v20130514
org.eclipse.birt.runtime:org.eclipse.core.filesystem:1.4.0.v20130514-1240  Medium 1 Low 35
org.eclipse.datatools.connectivity-1.2.11.v201401230755.jar cpe:/a:id:id-software:1.2.11.v20140123
cpe:/a:eclipse:birt:1.2.11.v20140123
org.eclipse.birt.runtime:org.eclipse.datatools.connectivity:1.2.11.v201401230755  Medium 1 Low 34
org.eclipse.equinox.preferences-3.5.100.v20130422-1538.jar cpe:/a:id:id-software:3.5.100.v20130422
cpe:/a:eclipse:birt:3.5.100.v20130422
org.eclipse.birt.runtime:org.eclipse.equinox.preferences:3.5.100.v20130422-1538    0 Low 42
org.eclipse.emf.ecore-2.10.1.v20140901-1043.jar cpe:/a:eclipse:birt:2.10.1.v20140901
cpe:/a:id:id-software:2.10.1.v20140901
org.eclipse.birt.runtime:org.eclipse.emf.ecore:2.10.1.v20140901-1043    0 Low 34
org.eclipse.core.resources-3.9.1.v20140825-1431.jar cpe:/a:eclipse:birt:3.9.1.v20140825
cpe:/a:id:id-software:3.9.1.v20140825
org.eclipse.birt.runtime:org.eclipse.core.resources:3.9.1.v20140825-1431    0 Low 35
org.eclipse.datatools.connectivity.oda.flatfile-3.1.8.v201403010906.jar cpe:/a:eclipse:birt:3.1.8.v20140301 org.eclipse.birt.runtime:org.eclipse.datatools.connectivity.oda.flatfile:3.1.8.v201403010906    0 Low 35
org.eclipse.datatools.enablement.ibm.db2.luw-1.0.2.v201107221502.jar cpe:/a:ibm:db2_connect:1.0.2.v20110722
cpe:/a:ibm:db2:1.0.2.v20110722
org.eclipse.birt.runtime:org.eclipse.datatools.enablement.ibm.db2.luw:1.0.2.v201107221502  High 23 Low 35
org.eclipse.update.configurator-3.3.200.v20130326-1319.jar cpe:/a:php-update:php-update:3.3.200.v20130326 org.eclipse.birt.runtime:org.eclipse.update.configurator:3.3.200.v20130326-1319    0 Low 37
org.eclipse.datatools.connectivity.oda-3.4.3.v201405301249.jar cpe:/a:eclipse:birt:3.4.3.v20140530 org.eclipse.birt.runtime:org.eclipse.datatools.connectivity.oda:3.4.3.v201405301249    0 Low 35
org.eclipse.emf-2.6.0.v20140901-1055.jar cpe:/a:eclipse:birt:2.6.0.v20140901
cpe:/a:id:id-software:2.6.0.v20140901
org.eclipse.birt.runtime:org.eclipse.emf:2.6.0.v20140901-1055    0 Low 25
org.w3c.dom.smil-1.0.0.jar cpe:/a:id:id-software:1.0.0
cpe:/a:eclipse:birt:1.0.0
org.eclipse.birt.runtime.3_7_1:org.w3c.dom.smil:1.0.0  Medium 1 Low 30
org.eclipse.datatools.enablement.hsqldb.dbdefinition-1.0.0.v201107221502.jar cpe:/a:eclipse:birt:1.0.0.v20110722 org.eclipse.birt.runtime:org.eclipse.datatools.enablement.hsqldb.dbdefinition:1.0.0.v201107221502  Medium 1 Low 25
org.eclipse.datatools.modelbase.derby-1.0.0.v201107221519.jar cpe:/a:id:id-software:1.0.0.v20110722
cpe:/a:eclipse:birt:1.0.0.v20110722
org.eclipse.birt.runtime:org.eclipse.datatools.modelbase.derby:1.0.0.v201107221519  Medium 1 Low 35
org.apache.batik.parser-1.6.0.jar cpe:/a:apache:batik:1.6.0 org.eclipse.birt.runtime.3_7_1:org.apache.batik.parser:1.6.0  High 2 Low 31
org.eclipse.equinox.common-3.6.200.v20130402-1505.jar cpe:/a:eclipse:birt:3.6.200.v20130402 org.eclipse.birt.runtime:org.eclipse.equinox.common:3.6.200.v20130402-1505    0 Low 35
org.apache.batik.util.gui-1.6.0.jar cpe:/a:apache:batik:1.6.0 org.eclipse.birt.runtime.3_7_1:org.apache.batik.util.gui:1.6.0  High 2 Low 30
javax.xml.stream-1.0.1.v201004272200.jar cpe:/a:eclipse:birt:1.0.1.v20100427
cpe:/a:id:id-software:1.0.1.v20100427
org.eclipse.birt.runtime:javax.xml.stream:1.0.1.v201004272200  Medium 1 Low 32
org.eclipse.datatools.enablement.ibm.informix-1.0.1.v201107221502.jar cpe:/a:ibm:informix_connect_runtime:1.0.1.v20110722
cpe:/a:ibm:informix:1.0.1.v20110722
org.eclipse.birt.runtime:org.eclipse.datatools.enablement.ibm.informix:1.0.1.v201107221502    0 Low 35
org.apache.batik.svggen-1.6.0.jar cpe:/a:apache:batik:1.6.0 org.eclipse.birt.runtime.3_7_1:org.apache.batik.svggen:1.6.0  High 2 Low 31
org.apache.batik.dom-1.6.0.jar cpe:/a:apache:batik:1.6.0 org.eclipse.birt.runtime.3_7_1:org.apache.batik.dom:1.6.0  High 2 Low 31
org.apache.batik.css-1.6.0.jar cpe:/a:apache:batik:1.6.0 org.eclipse.birt.runtime.3_7_1:org.apache.batik.css:1.6.0  High 2 Low 32
org.eclipse.datatools.enablement.mysql-1.0.4.v201212120617.jar cpe:/a:dbd-mysql_project:dbd-mysql:1.0.4.v20121212
cpe:/a:mysql:mysql:1.0.4.v20121212
org.eclipse.birt.runtime:org.eclipse.datatools.enablement.mysql:1.0.4.v201212120617  High 29 Low 35
org.eclipse.datatools.connectivity.db.generic-1.0.1.v201107221459.jar cpe:/a:eclipse:birt:1.0.1.v20110722 org.eclipse.birt.runtime:org.eclipse.datatools.connectivity.db.generic:1.0.1.v201107221459  Medium 1 Low 35
org.eclipse.datatools.enablement.hsqldb-1.0.0.v201107221502.jar cpe:/a:id:id-software:1.0.0.v20110722
cpe:/a:eclipse:birt:1.0.0.v20110722
org.eclipse.birt.runtime:org.eclipse.datatools.enablement.hsqldb:1.0.0.v201107221502  Medium 1 Low 35
org.eclipse.datatools.enablement.msft.sqlserver.dbdefinition-1.0.1.v201201240505.jar cpe:/a:eclipse:birt:1.0.1.v20120124 org.eclipse.birt.runtime:org.eclipse.datatools.enablement.msft.sqlserver.dbdefinition:1.0.1.v201201240505  Medium 1 Low 25
org.apache.xml.resolver-1.2.0.jar cpe:/a:id:id-software:1.2.0
cpe:/a:eclipse:birt:1.2.0
org.eclipse.birt.runtime.3_7_1:org.apache.xml.resolver:1.2.0  Medium 1 Low 29
org.eclipse.datatools.enablement.ibm.informix.dbdefinition-1.0.4.v201107221502.jar cpe:/a:ibm:informix:1.0.4.v20110722 org.eclipse.birt.runtime:org.eclipse.datatools.enablement.ibm.informix.dbdefinition:1.0.4.v201107221502    0 Low 25
org.eclipse.datatools.modelbase.sql-1.0.6.v201208230744.jar cpe:/a:id:id-software:1.0.6.v20120823
cpe:/a:eclipse:birt:1.0.6.v20120823
org.eclipse.birt.runtime:org.eclipse.datatools.modelbase.sql:1.0.6.v201208230744  Medium 1 Low 35
org.w3c.dom.svg-1.1.0.jar cpe:/a:id:id-software:1.1.0
cpe:/a:eclipse:birt:1.1.0
org.eclipse.birt.runtime.3_7_1:org.w3c.dom.svg:1.1.0  Medium 1 Low 31
org.apache.batik.dom.svg-1.6.0.jar cpe:/a:apache:batik:1.6.0 org.eclipse.birt.runtime.3_7_1:org.apache.batik.dom.svg:1.6.0  High 2 Low 32
org.apache.batik.ext.awt-1.6.0.jar cpe:/a:apache:batik:1.6.0 org.eclipse.birt.runtime.3_7_1:org.apache.batik.ext.awt:1.6.0  High 2 Low 32
org.mozilla.javascript-1.7.2.jar org.eclipse.birt.runtime.3_7_1:org.mozilla.javascript:1.7.2    0 27
org.eclipse.datatools.enablement.postgresql-1.1.1.v201205252207.jar cpe:/a:postgresql:postgresql:1.1.1.v20120525 org.eclipse.birt.runtime:org.eclipse.datatools.enablement.postgresql:1.1.1.v201205252207  High 20 Low 35
org.apache.batik.transcoder-1.6.0.jar cpe:/a:apache:batik:1.6.0 org.eclipse.birt.runtime.3_7_1:org.apache.batik.transcoder:1.6.0  High 2 Low 31
org.eclipse.datatools.connectivity.apache.derby.dbdefinition-1.0.2.v201107221459.jar cpe:/a:apache:derby:1.0.2.v20110722 org.eclipse.birt.runtime:org.eclipse.datatools.connectivity.apache.derby.dbdefinition:1.0.2.v201107221459  Medium 2 Low 25
org.eclipse.datatools.enablement.oracle-1.0.0.v201107221506.jar cpe:/a:id:id-software:1.0.0.v20110722
cpe:/a:eclipse:birt:1.0.0.v20110722
org.eclipse.birt.runtime:org.eclipse.datatools.enablement.oracle:1.0.0.v201107221506  Medium 1 Low 35
org.apache.batik.util-1.6.0.jar cpe:/a:apache:batik:1.6.0 org.eclipse.birt.runtime.3_7_1:org.apache.batik.util:1.6.0  High 2 Low 31
org.eclipse.datatools.enablement.oracle.dbdefinition-1.0.103.v201206010214.jar cpe:/a:eclipse:birt:1.0.103.v20120601 org.eclipse.birt.runtime:org.eclipse.datatools.enablement.oracle.dbdefinition:1.0.103.v201206010214  Medium 1 Low 25
org.apache.batik.xml-1.6.0.jar cpe:/a:apache:batik:1.6.0 org.eclipse.birt.runtime.3_7_1:org.apache.batik.xml:1.6.0  High 2 Low 31
org.apache.xml.serializer-2.7.1.jar cpe:/a:id:id-software:2.7.1
cpe:/a:eclipse:birt:2.7.1
org.eclipse.birt.runtime.3_7_1:org.apache.xml.serializer:2.7.1    0 Low 29
org.apache.xerces-2.9.0.jar cpe:/a:id:id-software:2.9.0
cpe:/a:eclipse:birt:2.9.0
org.eclipse.birt.runtime.3_7_1:org.apache.xerces:2.9.0    0 Low 29
org.eclipse.datatools.modelbase.sql.query-1.1.4.v201212120619.jar cpe:/a:eclipse:birt:1.1.4.v20121212 org.eclipse.birt.runtime:org.eclipse.datatools.modelbase.sql.query:1.1.4.v201212120619  Medium 1 Low 35
org.eclipse.datatools.modelbase.dbdefinition-1.0.2.v201107221519.jar cpe:/a:eclipse:birt:1.0.2.v20110722
cpe:/a:id:id-software:1.0.2.v20110722
org.eclipse.birt.runtime:org.eclipse.datatools.modelbase.dbdefinition:1.0.2.v201107221519  Medium 1 Low 35
org.eclipse.datatools.enablement.mysql.dbdefinition-1.0.4.v201109022331.jar cpe:/a:mysql:mysql:1.0.4.v20110902
cpe:/a:dbd-mysql_project:dbd-mysql:1.0.4.v20110902
org.eclipse.birt.runtime:org.eclipse.datatools.enablement.mysql.dbdefinition:1.0.4.v201109022331  High 29 Low 25
org.eclipse.orbit.mongodb-2.10.1.v20130422-1135.jar cpe:/a:mongodb:mongodb:2.10.1.v20130422 org.eclipse.birt.runtime:org.eclipse.orbit.mongodb:2.10.1.v20130422-1135  Low 2 Low 28
javax.wsdl-1.5.1.jar cpe:/a:eclipse:birt:1.5.1
cpe:/a:id:id-software:1.5.1
org.eclipse.birt.runtime.3_7_1:javax.wsdl:1.5.1  Medium 1 Low 36
Tidy-1.jar cpe:/a:eclipse:birt:- org.eclipse.birt.runtime.3_7_1:Tidy:1  Medium 1 Low 22
org.eclipse.datatools.enablement.postgresql.dbdefinition-1.0.2.v201110070445.jar cpe:/a:postgresql:postgresql:1.0.2.v20111007 org.eclipse.birt.runtime:org.eclipse.datatools.enablement.postgresql.dbdefinition:1.0.2.v201110070445  High 20 Low 25
org.w3c.css.sac-1.3.0.jar cpe:/a:id:id-software:1.3.0
cpe:/a:eclipse:birt:1.3.0
org.eclipse.birt.runtime.3_7_1:org.w3c.css.sac:1.3.0  Medium 1 Low 29
org.eclipse.datatools.enablement.msft.sqlserver-1.0.2.v201212120617.jar cpe:/a:eclipse:birt:1.0.2.v20121212 org.eclipse.birt.runtime:org.eclipse.datatools.enablement.msft.sqlserver:1.0.2.v201212120617  Medium 1 Low 35
flute-1.3.jar milyn:flute:1.3    0 22
org.eclipse.datatools.connectivity.apache.derby-1.0.103.v201212070447.jar cpe:/a:apache:derby:1.0.103.v20121207 org.eclipse.birt.runtime:org.eclipse.datatools.connectivity.apache.derby:1.0.103.v201212070447  Medium 2 Low 35
org.eclipse.datatools.connectivity.console.profile-1.0.10.v201109250955.jar cpe:/a:eclipse:birt:1.0.10.v20110925 org.eclipse.birt.runtime:org.eclipse.datatools.connectivity.console.profile:1.0.10.v201109250955  Medium 1 Low 35
org.apache.commons.codec-1.3.0.jar cpe:/a:id:id-software:1.3.0
cpe:/a:eclipse:birt:1.3.0
org.eclipse.birt.runtime.3_7_1:org.apache.commons.codec:1.3.0  Medium 1 Low 29
com.lowagie.text-2.1.7.jar cpe:/a:id:id-software:2.1.7
cpe:/a:eclipse:birt:2.1.7
org.eclipse.birt.runtime.3_7_1:com.lowagie.text:2.1.7  Medium 1 Low 29
org.apache.batik.bridge-1.6.0.jar cpe:/a:apache:batik:1.6.0 org.eclipse.birt.runtime.3_7_1:org.apache.batik.bridge:1.6.0  High 2 Low 31
aopalliance-1.0.jar aopalliance:aopalliance:1.0    0 22
jaxb-impl-2.1.9.jar com.sun.xml.bind:jaxb-impl:2.1.9    0 28
person-directory-api-1.5.0-RC5.jar org.jasig.service:person-directory-api:1.5.0-RC5    0 27
spring-context-2.5.6.SEC01.jar cpe:/a:springsource:spring_framework:2.5.6.sec01
cpe:/a:pivotal:spring_framework:2.5.6.sec01
cpe:/a:pivotal_software:spring_framework:2.5.6.sec01
cpe:/a:vmware:springsource_spring_framework:2.5.6.sec01
org.springframework:spring-context:2.5.6.SEC01  High 7 Low 33
spring-tx-2.5.6.SEC01.jar cpe:/a:springsource:spring_framework:2.5.6.sec01
cpe:/a:pivotal:spring_framework:2.5.6.sec01
cpe:/a:pivotal_software:spring_framework:2.5.6.sec01
cpe:/a:vmware:springsource_spring_framework:2.5.6.sec01
org.springframework:spring-tx:2.5.6.SEC01  High 7 Low 35
spring-context-support-2.5.6.SEC01.jar cpe:/a:springsource:spring_framework:2.5.6.sec01
cpe:/a:pivotal:spring_framework:2.5.6.sec01
cpe:/a:pivotal_software:spring_framework:2.5.6.sec01
cpe:/a:vmware:springsource_spring_framework:2.5.6.sec01
org.springframework:spring-context-support:2.5.6.SEC01  High 7 Low 33
spring-web-2.5.6.SEC01.jar cpe:/a:springsource:spring_framework:2.5.6.sec01
cpe:/a:pivotal:spring_framework:2.5.6.sec01
cpe:/a:pivotal_software:spring_framework:2.5.6.sec01
cpe:/a:vmware:springsource_spring_framework:2.5.6.sec01
org.springframework:spring-web:2.5.6.SEC01  High 7 Low 35
hibernate-3.2.6.ga.jar org.hibernate:hibernate:3.2.6.ga    0 27
hibernate-commons-annotations-3.0.0.ga.jar org.hibernate:hibernate-commons-annotations:3.3.0.ga    0 26
ejb3-persistence-1.0.1.GA.jar org.hibernate:ejb3-persistence:1.0.1.GA    0 26
aspectjweaver-1.5.3.jar aspectj:aspectjweaver:1.5.3    0 25
aspectjrt-1.5.3.jar aspectj:aspectjrt:1.5.3    0 24
ognl-2.6.9.jar cpe:/a:ognl_project:ognl:2.6.9 ognl:ognl:2.6.9  Medium 1 Low 22
spring-binding-1.0.6.jar cpe:/a:pivotal:spring_framework:1.0.6
cpe:/a:vmware:springsource_spring_framework:1.0.6
cpe:/a:pivotal_software:spring_framework:1.0.6
cpe:/a:springsource:spring_framework:1.0.6
org.springframework:spring-binding:1.0.6  High 7 Low 33
plexus-utils-1.5.6.jar org.codehaus.plexus:plexus-utils:1.5.6    0 26
maven-scm-provider-svn-commons-1.4.jar org.apache.maven.scm:maven-scm-provider-svn-commons:1.4    0 27
regexp-1.3.jar regexp:regexp:1.3    0 16
jaxb-api-2.1.jar javax.xml.bind:jaxb-api:2.1   0 17
ehcache-1.2.3.jar net.sf.ehcache:ehcache:1.2.3    0 24
jta-1.0.1B.jar javax.transaction:jta:1.0.1B   0 10
asm-attrs-1.5.3.jar asm:asm-attrs:1.5.3    0 29
antlr-2.7.6.jar antlr:antlr:2.7.6    0 18
cglib-2.1_3.jar cglib:cglib:2.1_3    0 22
asm-1.5.3.jar asm:asm:1.5.3    0 27
stax-api-1.0-2.jar javax.xml.stream:stax-api:1.0-2    0 22
geronimo-jta_1.1_spec-1.1.1.jar org.apache.geronimo.specs:geronimo-jta_1.1_spec:1.1.1    0 27
commons-io-2.5.jar commons-io:commons-io:2.5    0 42
jackson-databind-2.8.9.jar cpe:/a:fasterxml:jackson:2.8.9 com.fasterxml.jackson.core:jackson-databind:2.8.9    0 Low 40
curvesapi-1.04.jar com.github.virtuald:curvesapi:1.04    0 22
guava-20.0.jar com.google.guava:guava:20.0    0 30
commons-beanutils-1.9.3.jar cpe:/a:apache:commons_beanutils:1.9.3 commons-beanutils:commons-beanutils:1.9.3    0 Low 42
fontbox-2.0.6.jar org.apache.pdfbox:fontbox:2.0.6    0 38
batik-css-1.9.jar cpe:/a:apache:batik:1.9 org.apache.xmlgraphics:batik-css:1.9    0 Low 27
serializer-2.7.2.jar cpe:/a:apache:xalan-java:2.7.2 xalan:serializer:2.7.2    0 Low 33
protobuf-java-3.1.0.jar cpe:/a:google:protobuf:3.1.0 com.google.protobuf:protobuf-java:3.1.0  Medium 1 Low 30
httpmime-4.5.3.jar cpe:/a:apache:httpclient:4.5.3 org.apache.httpcomponents:httpmime:4.5.3    0 Low 33
woodstox-core-asl-4.4.1.jar org.codehaus.woodstox:woodstox-core-asl:4.4.1    0 36
asm-5.1.jar org.ow2.asm:asm:5.1    0 32
xercesImpl-2.9.1.jar xerces:xercesImpl:2.9.1   0 49
poi-ooxml-schemas-3.17-beta1.jar cpe:/a:apache:poi:3.17.beta org.apache.poi:poi-ooxml-schemas:3.17-beta1    0 Low 32
stax-api-1.0.1.jar stax:stax-api:1.0.1    0 29
spring-beans-2.5.6.jar cpe:/a:vmware:springsource_spring_framework:2.5.6
cpe:/a:pivotal_software:spring_framework:2.5.6
cpe:/a:springsource:spring_framework:2.5.6
cpe:/a:pivotal:spring_framework:2.5.6
org.springframework:spring-beans:2.5.6  High 8 Highest 37
servlet-api-2.4.jar servletapi:servlet-api:2.4    0 22
jackson-annotations-2.8.0.jar cpe:/a:fasterxml:jackson:2.8.0 com.fasterxml.jackson.core:jackson-annotations:2.8.0    0 Highest 40
jackson-core-2.8.9.jar cpe:/a:fasterxml:jackson:2.8.9 com.fasterxml.jackson.core:jackson-core:2.8.9    0 Low 40
juel-spi-2.2.7.jar de.odysseus.juel:juel-spi:2.2.7    0 23
barcode4j-fop-ext-2.1.jar net.sf.barcode4j:barcode4j-fop-ext:2.1    0 30
barcode4j-2.1.jar net.sf.barcode4j:barcode4j:2.1    0 34
axis2-transport-http-1.7.1.jar cpe:/a:apache:axis2:1.7.1 org.apache.axis2:axis2-transport-http:1.7.1  Medium 2 Low 29
axis2-transport-local-1.7.1.jar cpe:/a:apache:axis2:1.7.1 org.apache.axis2:axis2-transport-local:1.7.1  Medium 2 Low 30
derby-10.14.1.0.jar cpe:/a:apache:derby:10.14.1.0 org.apache.derby:derby:10.14.1.0    0 Low 31
geronimo-jaxrpc_1.1_spec-1.1.jar org.apache.geronimo.specs:geronimo-jaxrpc_1.1_spec:1.1    0 25
log4j-1.2-api-2.9.1.jar cpe:/a:apache:log4j:2.9.1 org.apache.logging.log4j:log4j-1.2-api:2.9.1    0 Low 39
log4j-core-2.9.1.jar cpe:/a:apache:log4j:2.9.1 org.apache.logging.log4j:log4j-core:2.9.1    0 Low 40
log4j-jul-2.9.1.jar cpe:/a:apache:log4j:2.9.1 org.apache.logging.log4j:log4j-jul:2.9.1    0 Low 40
log4j-slf4j-impl-2.9.1.jar cpe:/a:apache:log4j:2.9.1 org.apache.logging.log4j:log4j-slf4j-impl:2.9.1    0 Low 40
batik-all-1.8pre-r1084380.jar cpe:/a:apache:batik:1.8pre org.codeartisans.thirdparties.swing:batik-all:1.8pre-r1084380    0 Low 24
avalon-framework-impl-4.2.0.jar avalon-framework:avalon-framework-impl:4.2.0    0 25
slf4j-api-1.7.25.jar org.slf4j:slf4j-api:1.7.25    0 32
xml-apis-2.0.2.jar xml-apis:xml-apis:1.0.b2    0 49
junit-4.12.jar junit:junit:4.12    0 28
ant-junit-1.9.7.jar org.apache.ant:ant-junit:1.9.7    0 32
ant-1.9.7.jar org.apache.ant:ant:1.9.7    0 29
ant-launcher-1.9.7.jar org.apache.ant:ant-launcher:1.9.7    0 27
ehcache-core-2.6.2.jar: sizeof-agent.jar net.sf.ehcache:sizeof-agent:1.0.1   0 26
org.eclipse.core.resources-3.9.1.v20140825-1431.jar: resources-ant.jar   0 8
jna-4.1.0.jar: jnidispatch.dll   0 2
jna-4.1.0.jar: jnidispatch.dll   0 2
jna-4.1.0.jar: jnidispatch.dll   0 2
axiom-impl-1.2.20.jar\META-INF/maven/org.apache.ws.commons.axiom/om-aspects/pom.xml org.apache.ws.commons.axiom:om-aspects:1.2.20   0 15
axiom-impl-1.2.20.jar\META-INF/maven/org.apache.ws.commons.axiom/core-aspects/pom.xml org.apache.ws.commons.axiom:core-aspects:1.2.20   0 13
axiom-impl-1.2.20.jar\META-INF/maven/org.apache.ws.commons.axiom/shared-aspects/pom.xml org.apache.ws.commons.axiom:shared-aspects:1.2.20   0 15
axiom-impl-1.2.20.jar\META-INF/maven/org.apache.ws.commons.axiom/xml-utils/pom.xml org.apache.ws.commons.axiom:xml-utils:1.2.20   0 11
htrace-core-3.2.0-incubating.jar\META-INF/maven/commons-logging/commons-logging/pom.xml commons-logging:commons-logging:1.1.1   0 16
plexus-utils-1.5.6.jar\META-INF/maven/org.codehaus.plexus/plexus-interpolation/pom.xml org.codehaus.plexus:plexus-interpolation:1.0   0 12

Dependencies

xercesImpl-2.9.1.jar

Description:  Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.

File Path: Z:\Gradle\caches\modules-2\files-2.1\apache-xerces\xercesImpl\2.9.1\7bc7e49ddfe4fb5f193ed37ecc96c12292c8ceb6\xercesImpl-2.9.1.jar
MD5: f807f86d7d9db25edbfc782aca7ca2a9
SHA1: 7bc7e49ddfe4fb5f193ed37ecc96c12292c8ceb6
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • maven: apache-xerces:xercesImpl:2.9.1   Confidence:Highest
  • maven: xerces:xercesImpl:2.9.1    Confidence:Highest

core-3.3.0.jar

Description: Core barcode encoding/decoding library

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.google.zxing\core\3.3.0\73c49077166faa4c3c0059c5f583d1d7bd1475fe\core-3.3.0.jar
MD5: 9da5048b160deec8f955a67fa4e76ddb
SHA1: 73c49077166faa4c3c0059c5f583d1d7bd1475fe
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

concurrentlinkedhashmap-lru-1.4.2.jar

Description:  A high performance version of java.util.LinkedHashMap for use as a software cache.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.googlecode.concurrentlinkedhashmap\concurrentlinkedhashmap-lru\1.4.2\2eaf3d3c9746d526ff7e5b93931d482c3887e6ac\concurrentlinkedhashmap-lru-1.4.2.jar
MD5: 5edf6ccb727854204b7cc3405fbc5f01
SHA1: 2eaf3d3c9746d526ff7e5b93931d482c3887e6ac
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

ez-vcard-0.9.10.jar

Description: A library that reads and writes vCards, supporting all versions of the vCard standard (2.1, 3.0, and 4.0) as well as xCard (XML-encoded vCards), hCard (HTML-encoded vCards), and jCard (JSON-encoded vCards).

License:

FreeBSD License: http://opensource.org/licenses/bsd-license.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.googlecode.ez-vcard\ez-vcard\0.9.10\1997520f849718ec99a92aa67c17e408e5cca32a\ez-vcard-0.9.10.jar
MD5: 0a1ca155833e526131774263e949b13b
SHA1: 1997520f849718ec99a92aa67c17e408e5cca32a
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

owasp-java-html-sanitizer-20170515.1.jar

Description:  Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.googlecode.owasp-java-html-sanitizer\owasp-java-html-sanitizer\20170515.1\2ac64ee731e71b8ce411b7ff306c35eae672f6dd\owasp-java-html-sanitizer-20170515.1.jar
MD5: 3207f1e4ce09d37ab4006f0906c5bf29
SHA1: 2ac64ee731e71b8ce411b7ff306c35eae672f6dd
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

libphonenumber-8.8.3.jar

Description: Google's common Java library for parsing, formatting, storing and validating international phone numbers. Optimized for running on smartphones.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.googlecode.libphonenumber\libphonenumber\8.8.3\2d492c1e27cde609383f2cd2ed85872275b9c9fa\libphonenumber-8.8.3.jar
MD5: 1b2611816d9ba0061aefcebbe26b3610
SHA1: 2d492c1e27cde609383f2cd2ed85872275b9c9fa
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

icu4j-59.1.jar

Description:  International Component for Unicode for Java (ICU4J) is a mature, widely used Java library providing Unicode and Globalization support

License:

Unicode/ICU License: http://source.icu-project.org/repos/icu/trunk/icu4j/main/shared/licenses/LICENSE
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.ibm.icu\icu4j\59.1\6f06e820cf4c8968bbbaae66ae0b33f6a256b57f\icu4j-59.1.jar
MD5: 60997176cc2577bda51a4cb2b77bdbe2
SHA1: 6f06e820cf4c8968bbbaae66ae0b33f6a256b57f
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

itext-4.2.0.jar

Description: This is a build of the last MPL version of iText.

License:

GNU General Lesser Public License (LGPL) version 3.0: http://www.gnu.org/licenses/lgpl.html
Mozilla Public License Version 2.0: http://www.mozilla.org/MPL/2.0/
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.lowagie\itext\4.2.0\77e08389e3fa7b0212b67702ba6e4dbbbff68ae5\itext-4.2.0.jar
MD5: b05b5dc598a303c36affc183c4e544c1
SHA1: 77e08389e3fa7b0212b67702ba6e4dbbbff68ae5
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

javax.mail-1.6.0.jar

Description: JavaMail API

License:

https://javaee.github.io/javamail/LICENSE
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.sun.mail\javax.mail\1.6.0\a055c648842c4954c1f7db7254f45d9ad565e278\javax.mail-1.6.0.jar
MD5: 366fc6f9f00de3224b4f6b5056ea5f77
SHA1: a055c648842c4954c1f7db7254f45d9ad565e278
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

com.springsource.com.sun.syndication-0.9.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.sun.syndication\com.springsource.com.sun.syndication\0.9.0\2c8daab3471d3060d115cdcf4af2a88cb04744c1\com.springsource.com.sun.syndication-0.9.0.jar
MD5: 1c5121f30c06d4ec0d5c68dc5e119929
SHA1: 2c8daab3471d3060d115cdcf4af2a88cb04744c1
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • maven: com.sun.syndication:com.springsource.com.sun.syndication:0.9.0   Confidence:Highest

xstream-1.4.10.jar

Description: XStream is a serialization library from Java objects to XML and back.

License:

http://x-stream.github.io/license.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.thoughtworks.xstream\xstream\1.4.10\dfecae23647abc9d9fd0416629a4213a3882b101\xstream-1.4.10.jar
MD5: d00eec778910f95b26201395ac64cca0
SHA1: dfecae23647abc9d9fd0416629a4213a3882b101
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • maven: com.thoughtworks.xstream:xstream:1.4.10    Confidence:Highest
  • cpe: cpe:/a:xstream_project:xstream:1.4.10   Confidence:Low   
  • cpe: cpe:/a:x-stream:xstream:1.4.10   Confidence:Low   

commons-cli-1.3.1.jar

Description:  Apache Commons CLI provides a simple API for presenting, processing and validating a command line interface.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-cli\commons-cli\1.3.1\1303efbc4b181e5a58bf2e967dc156a3132b97c0\commons-cli-1.3.1.jar
MD5: 8d5fa2a42fef17d9034b35a9ac9cc750
SHA1: 1303efbc4b181e5a58bf2e967dc156a3132b97c0
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

commons-net-3.3.jar

Description:  Apache Commons Net library contains a collection of network utilities and protocol implementations. Supported protocols include: Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Telnet, Whois

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-net\commons-net\3.3\cd0d5510908225f76c5fe5a3f1df4fa44866f81e\commons-net-3.3.jar
MD5: c077ca61598e9c21f43f8b6488fbbee9
SHA1: cd0d5510908225f76c5fe5a3f1df4fa44866f81e
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

commons-validator-1.5.1.jar

Description:  Apache Commons Validator provides the building blocks for both client side validation and server side data validation. It may be used standalone or with a framework like Struts.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-validator\commons-validator\1.5.1\86d05a46e8f064b300657f751b5a98c62807e2a0\commons-validator-1.5.1.jar
MD5: 67fad26aa0c1e884a6aa4249a6126a88
SHA1: 86d05a46e8f064b300657f751b5a98c62807e2a0
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

juel-impl-2.2.7.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\de.odysseus.juel\juel-impl\2.2.7\97958467acef4c2b230b72354a4eefc66628dd99\juel-impl-2.2.7.jar
MD5: c5d7a62edafb5706b6beadbbcfd8f57d
SHA1: 97958467acef4c2b230b72354a4eefc66628dd99
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

javax.el-api-3.0.1-b04.jar

Description: Expression Language 3.0 API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.el\javax.el-api\3.0.1-b04\8c0c970b8deae5054ff0bf4b17979c8181a506d3\javax.el-api-3.0.1-b04.jar
MD5: fe9f96efeb44172a4e8a54a81c93f39d
SHA1: 8c0c970b8deae5054ff0bf4b17979c8181a506d3
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2013-2566  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

Vulnerable Software & Versions:

CVE-2015-2808  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

Vulnerable Software & Versions:

javax.servlet-api-4.0.0.jar

Description: Java(TM) Servlet 4.0 API Design Specification

License:

CDDL + GPLv2 with classpath exception: https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.servlet\javax.servlet-api\4.0.0\60200affc2fe0165136ed3690faf00b66aed581a\javax.servlet-api-4.0.0.jar
MD5: 8b9c10f751f02aec8f10358c3b99c76d
SHA1: 60200affc2fe0165136ed3690faf00b66aed581a
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

javax.servlet.jsp-api-2.3.0.jar

Description: Java.net - The Source for Java Technology Collaboration

License:

CDDL + GPLv2 with classpath exception: http://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.servlet.jsp\javax.servlet.jsp-api\2.3.0\3795334f4306b194003e16dfba4111a0467a49bd\javax.servlet.jsp-api-2.3.0.jar
MD5: 53f58345d415a6150e5945a6875a0ce9
SHA1: 3795334f4306b194003e16dfba4111a0467a49bd
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

ical4j-1.0-rc3-atlassian-11.jar

Description:  A Java library for reading and writing iCalendar (*.ics) files

License:

iCal4j - License: LICENSE
File Path: Z:\Gradle\caches\modules-2\files-2.1\net.fortuna.ical4j\ical4j\1.0-rc3-atlassian-11\cc4aa02f5cc8773876aad173517d20438b1b60ea\ical4j-1.0-rc3-atlassian-11.jar
MD5: 62338bf588ceb0a7404746cd751f5db9
SHA1: cc4aa02f5cc8773876aad173517d20438b1b60ea
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • maven: net.fortuna.ical4j:ical4j:1.0-rc3-atlassian-11   Confidence:Highest

ant-junit-1.10.1.jar

Description: contains the junit and junirreport tasks

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ant\ant-junit\1.10.1\57b1c4a50a9095e95b3ce2ef8ccdceb945f7bb20\ant-junit-1.10.1.jar
MD5: c8510a39e471aaf847cc923d62c5abc4
SHA1: 57b1c4a50a9095e95b3ce2ef8ccdceb945f7bb20
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

axis2-kernel-1.7.6.jar

Description: Core Parts of Axis2. This includes Axis2 engine, Client API, Addressing support, etc.,

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.axis2\axis2-kernel\1.7.6\aa2e05c5dc080f7089072d17acfb9b1a50d8bda9\axis2-kernel-1.7.6.jar
MD5: 3d655a2359c7fc00b67bd951d10b2281
SHA1: aa2e05c5dc080f7089072d17acfb9b1a50d8bda9
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2012-4418  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication

Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

Vulnerable Software & Versions:

CVE-2012-5351  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.

Vulnerable Software & Versions:

commons-collections4-4.1.jar

Description: The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-collections4\4.1\a4cf4688fe1c7e3a63aa636cc96d013af537768e\commons-collections4-4.1.jar
MD5: 45af6a8e5b51d5945de6c7411e290bd1
SHA1: a4cf4688fe1c7e3a63aa636cc96d013af537768e
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

commons-csv-1.5.jar

Description:  The Apache Commons CSV library provides a simple interface for reading and writing CSV files of various types.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-csv\1.5\e10f140af5b82167640f254fa9d88e35ad74329c\commons-csv-1.5.jar
MD5: 8e11b04e6025a0598e96f3e45957596d
SHA1: e10f140af5b82167640f254fa9d88e35ad74329c
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

commons-dbcp2-2.1.1.jar

Description: Apache Commons DBCP software implements Database Connection Pooling

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-dbcp2\2.1.1\c4f4a76171671ccf293be8995a498eab7fa8ed24\commons-dbcp2-2.1.1.jar
MD5: 298897b1e785b933b0522351871cf7ae
SHA1: c4f4a76171671ccf293be8995a498eab7fa8ed24
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

geronimo-transaction-3.1.4.jar

Description: Apache Geronimo Transaction Manager

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.geronimo.components\geronimo-transaction\3.1.4\7db43d2032d5f38a47a39801903df8c97bd54155\geronimo-transaction-3.1.4.jar
MD5: 006175afd65d98a99b47ce08f972ec91
SHA1: 7db43d2032d5f38a47a39801903df8c97bd54155
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2008-0732  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.

Vulnerable Software & Versions:

geronimo-jms_1.1_spec-1.1.1.jar

Description: Provides open-source implementations of Sun specifications.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.geronimo.specs\geronimo-jms_1.1_spec\1.1.1\c872b46c601d8dc03633288b81269f9e42762cea\geronimo-jms_1.1_spec-1.1.1.jar
MD5: d80ce71285696d36c1add1989b94f084
SHA1: c872b46c601d8dc03633288b81269f9e42762cea
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

httpclient-cache-4.5.3.jar

Description:  Apache HttpComponents HttpClient - Cache

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.httpcomponents\httpclient-cache\4.5.3\baa6474c7f9b9f027a02fbbee375263ac482e343\httpclient-cache-4.5.3.jar
MD5: cf3f254ca1228dd59818a2dff708e247
SHA1: baa6474c7f9b9f027a02fbbee375263ac482e343
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

log4j-api-2.9.1.jar

Description: The Apache Log4j API

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.logging.log4j\log4j-api\2.9.1\7a2999229464e7a324aa503c0a52ec0f05efe7bd\log4j-api-2.9.1.jar
MD5: 20f0b4e1a16bd2030f0acc2b277cb16f
SHA1: 7a2999229464e7a324aa503c0a52ec0f05efe7bd
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

poi-3.17.jar

Description: Apache POI - Java API To Access Microsoft Format Files

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.poi\poi\3.17\ae92292a2043888b40d418da97dc0b669fde326\poi-3.17.jar
MD5: 243bc3d431e4fadb79738719504c64f7
SHA1: 0ae92292a2043888b40d418da97dc0b669fde326
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • cpe: cpe:/a:apache:poi:3.17   Confidence:Low   
  • maven: org.apache.poi:poi:3.17    Confidence:Highest

shiro-core-1.4.0.jar

Description: Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-core\1.4.0\6d05bd17e057fc12d278bb367c27f9cb0f3dc197\shiro-core-1.4.0.jar
MD5: 1268db1dcfc96e6ad1a297bda1e03eea
SHA1: 6d05bd17e057fc12d278bb367c27f9cb0f3dc197
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

tika-core-1.16.jar

Description: This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It also includes the core facades for the Tika API.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tika\tika-core\1.16\7b75cb2b65f6d014b6a3e4793835f5759168c34e\tika-core-1.16.jar
MD5: fba5e9c7dcab53acece0146387e9d49b
SHA1: 7b75cb2b65f6d014b6a3e4793835f5759168c34e
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

tika-parsers-1.16.jar

Description: Apache Tika is a toolkit for detecting and extracting metadata and structured text content from various documents using existing parser libraries.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tika\tika-parsers\1.16\bececafbe32c013eae8d3f3cf10d28b136a6f9d7\tika-parsers-1.16.jar
MD5: 09792354871d704ba970b056868ff4e4
SHA1: bececafbe32c013eae8d3f3cf10d28b136a6f9d7
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

tomcat-catalina-ha-8.5.23.jar

Description: Tomcat High Availability Implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-catalina-ha\8.5.23\46e35742794a7a2e376b13301a75923e105a432e\tomcat-catalina-ha-8.5.23.jar
MD5: 4dca4b1e0536cf7e71787cbb63c19198
SHA1: 46e35742794a7a2e376b13301a75923e105a432e
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

tomcat-catalina-8.5.23.jar

Description: Tomcat Servlet Engine Core Classes and Standard implementations

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-catalina\8.5.23\e27462065112496249740b3f06a99e52c62bcb7c\tomcat-catalina-8.5.23.jar
MD5: 0c7a50b5590d14a79be6e147a37122f9
SHA1: e27462065112496249740b3f06a99e52c62bcb7c
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

tomcat-jasper-8.5.23.jar

Description: Tomcats JSP Parser

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-jasper\8.5.23\8b49bd183448deafddc3cb2892a8c05eb148139c\tomcat-jasper-8.5.23.jar
MD5: f36b78487e7a56b81cc9e53a3269a823
SHA1: 8b49bd183448deafddc3cb2892a8c05eb148139c
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

tomcat-tribes-8.5.23.jar

Description: Tomcat Group Communication Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-tribes\8.5.23\67ed5d09298ea4b311a01e684091790fd9a7c884\tomcat-tribes-8.5.23.jar
MD5: ffaeeef05d59e2acb671da1e6b8bca3f
SHA1: 67ed5d09298ea4b311a01e684091790fd9a7c884
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

fop-2.2.jar

Description: Apache FOP (Formatting Objects Processor) is the world's first print formatter driven by XSL formatting objects (XSL-FO) and the world's first output independent formatter. It is a Java application that reads a formatting object (FO) tree and renders the resulting pages to a specified output. Output formats currently supported include PDF, PCL, PS, AFP, TIFF, PNG, SVG, XML (area tree representation), Print, AWT and TXT. The primary output target is PDF.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\fop\2.2\cc8a8ae39d215425e1dbec5552c64074d0a54b7f\fop-2.2.jar
MD5: 9414a22118eef21c276debf81d955757
SHA1: cc8a8ae39d215425e1dbec5552c64074d0a54b7f
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • cpe: cpe:/a:apache:formatting_objects_processor:2.2   Confidence:Low   
  • maven: org.apache.xmlgraphics:fop:2.2    Confidence:Highest

xmlrpc-client-3.1.3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlrpc\xmlrpc-client\3.1.3\e486ad917028b52265610206fb5a1e2b5914b94b\xmlrpc-client-3.1.3.jar
MD5: e304ace736f9812b950f69788bb38a9d
SHA1: e486ad917028b52265610206fb5a1e2b5914b94b
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2016-5002  

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.

Vulnerable Software & Versions:

xmlrpc-server-3.1.3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlrpc\xmlrpc-server\3.1.3\e4ddf1852cb162139230ef733223633e362cf301\xmlrpc-server-3.1.3.jar
MD5: e83289e85123bbe87cd162a9f871439a
SHA1: e4ddf1852cb162139230ef733223633e362cf301
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2016-5002  

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.

Vulnerable Software & Versions:

groovy-all-2.4.12.jar

Description: Groovy: A powerful, dynamic language for the JVM

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.groovy\groovy-all\2.4.12\760afc568cbd94c09d78f801ce51aed1326710af\groovy-all-2.4.12.jar
MD5: dddb0b3d3619875fa1c538c743ae8f99
SHA1: 760afc568cbd94c09d78f801ce51aed1326710af
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2016-6497  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-254 Security Features

main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.

Vulnerable Software & Versions:

freemarker-2.3.26-incubating.jar

Description:  FreeMarker is a "template engine"; a generic tool to generate text output based on templates.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.freemarker\freemarker\2.3.26-incubating\713237e013f725b72f4f9ec931a49c14b1805359\freemarker-2.3.26-incubating.jar
MD5: cbb030d58da59a3c597b65cec837c37e
SHA1: 713237e013f725b72f4f9ec931a49c14b1805359
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

hamcrest-all-1.3.jar

Description:  QDox is a high speed, small footprint parser for extracting class/interface/method definitions from source files complete with JavaDoc @tags. It is designed to be used by active code generators or documentation tools.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.hamcrest\hamcrest-all\1.3\63a21ebc981131004ad02e0434e799fd7f3a8d5a\hamcrest-all-1.3.jar
MD5: ae5102286b5720dd286d6b606cb891e2
SHA1: 63a21ebc981131004ad02e0434e799fd7f3a8d5a
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

esapi-2.1.0.1.jar

Description: The Enterprise Security API (ESAPI) project is an OWASP project to create simple strong security controls for every web platform. Security controls are not simple to build. You can read about the hundreds of pitfalls for unwary developers on the OWASP web site. By providing developers with a set of strong controls, we aim to eliminate some of the complexity of creating secure web applications. This can result in significant cost savings across the SDLC.

License:

BSD: http://www.opensource.org/licenses/bsd-license.php
Creative Commons 3.0 BY-SA: http://creativecommons.org/licenses/by-sa/3.0/
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.owasp.esapi\esapi\2.1.0.1\8d35e0bad77067b534664cb408493136e086aae1\esapi-2.1.0.1.jar
MD5: 56b5519a2f8e3448d6b942bc87606a2e
SHA1: 8d35e0bad77067b534664cb408493136e086aae1
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • maven: org.owasp.esapi:esapi:2.1.0.1    Confidence:Highest
  • cpe: cpe:/a:owasp:enterprise_security_api:2.1.0.1   Confidence:Low   

spring-test-4.2.3.RELEASE.jar

Description: Spring TestContext Framework

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-test\4.2.3.RELEASE\d7c055b8fb1117ef75045679892228a4816cd80e\spring-test-4.2.3.RELEASE.jar
MD5: 4ec65b45ae6c51ba549b04f1d75aac7c
SHA1: d7c055b8fb1117ef75045679892228a4816cd80e
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2016-5007  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.

Vulnerable Software & Versions:

CVE-2016-9878  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Vulnerable Software & Versions:

jackson-databind-java-optional-2.6.1.jar

Description: Jackson Databind module for serializing and deserializing Java 8 java.util.Option objects. This tool is forked from original source created by @realjenius

License:

Apache License, Version 2.0: license.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.zapodot\jackson-databind-java-optional\2.6.1\c323ff3dcd35ec5e059f709bb21172dfd958bb5b\jackson-databind-java-optional-2.6.1.jar
MD5: 06e9eba92ae613c3a8ad6cf11618ecc0
SHA1: c323ff3dcd35ec5e059f709bb21172dfd958bb5b
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

oro-2.0.8.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\oro\oro\2.0.8\5592374f834645c4ae250f4c9fbb314c9369d698\oro-2.0.8.jar
MD5: 42e940d5d2d822f4dc04c65053e630ab
SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

wsdl4j-1.6.3.jar

Description: Java stub generator for WSDL

License:

CPL: http://www.opensource.org/licenses/cpl1.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\wsdl4j\wsdl4j\1.6.3\6d106a6845a3d3477a1560008479312888e94f2f\wsdl4j-1.6.3.jar
MD5: cfc28d89625c5e88589aec7a9aee0208
SHA1: 6d106a6845a3d3477a1560008479312888e94f2f
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jjwt-0.9.0.jar

Description: Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: Z:\Gradle\caches\modules-2\files-2.1\io.jsonwebtoken\jjwt\0.9.0\64e3ed8a5f0bc93ecea592a0b3280f995efbdfe9\jjwt-0.9.0.jar
MD5: 7b1e13236ec27cdb6fde77d4abd89f0c
SHA1: 64e3ed8a5f0bc93ecea592a0b3280f995efbdfe9
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jsoup-1.8.3.jar

Description: jsoup HTML parser

License:

The MIT License: http://jsoup.org/license
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jsoup\jsoup\1.8.3\65fd012581ded67bc20945d85c32b4598c3a9cf1\jsoup-1.8.3.jar
MD5: 80adb5b301ed840a4b6db97abc02a8b0
SHA1: 65fd012581ded67bc20945d85c32b4598c3a9cf1
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2015-6748  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3.

Vulnerable Software & Versions:

itextpdf-5.5.6.jar

Description: iText, a free Java-PDF library

License:

GNU Affero General Public License v3: http://www.fsf.org/licensing/licenses/agpl-3.0.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.itextpdf\itextpdf\5.5.6\19448fdba5df68602aed364b86fd14d89c07a66e\itextpdf-5.5.6.jar
MD5: ce105599cd1ae696a04d14dd8f9de5a7
SHA1: 19448fdba5df68602aed364b86fd14d89c07a66e
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

activation-1.1.jar

Description:  JavaBeans Activation Framework (JAF) is a standard extension to the Java platform that lets you take advantage of standard services to: determine the type of an arbitrary piece of data; encapsulate access to it; discover the operations available on it; and instantiate the appropriate bean to perform the operation(s).

License:

Common Development and Distribution License (CDDL) v1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.activation\activation\1.1\e6cb541461c2834bdea3eb920f1884d1eb508b50\activation-1.1.jar
MD5: 8ae38e87cd4f86059c0294a8fe3e0b18
SHA1: e6cb541461c2834bdea3eb920f1884d1eb508b50
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

com.springsource.org.jdom-1.0.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jdom\com.springsource.org.jdom\1.0.0\32e7389479349a9d30cab805d83486b1e865aeaa\com.springsource.org.jdom-1.0.0.jar
MD5: 9741e6528d37b38ac5c953f3d1892aa4
SHA1: 32e7389479349a9d30cab805d83486b1e865aeaa
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • maven: org.jdom:com.springsource.org.jdom:1.0.0   Confidence:Highest

xmlpull-1.1.3.1.jar

License:

Public Domain: http://www.xmlpull.org/v1/download/unpacked/LICENSE.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\xmlpull\xmlpull\1.1.3.1\2b8e230d2ab644e4ecaa94db7cdedbc40c805dfa\xmlpull-1.1.3.1.jar
MD5: cc57dacc720eca721a50e78934b822d2
SHA1: 2b8e230d2ab644e4ecaa94db7cdedbc40c805dfa
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

xpp3_min-1.1.4c.jar

Description: MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs such as Hotspot in JDK 1.4+.

License:

Indiana University Extreme! Lab Software License, vesion 1.1.1: http://www.extreme.indiana.edu/viewcvs/~checkout~/XPP3/java/LICENSE.txt
Public Domain: http://creativecommons.org/licenses/publicdomain
File Path: Z:\Gradle\caches\modules-2\files-2.1\xpp3\xpp3_min\1.1.4c\19d4e90b43059058f6e056f794f0ea4030d60b86\xpp3_min-1.1.4c.jar
MD5: dcd95bcb84b09897b2b66d4684c040da
SHA1: 19d4e90b43059058f6e056f794f0ea4030d60b86
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

commons-digester-1.8.1.jar

Description:  The Digester package lets you configure an XML to Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-digester\commons-digester\1.8.1\3dec9b9c7ea9342d4dbe8c38560080d85b44a015\commons-digester-1.8.1.jar
MD5: 5002ecf033f5a79e398155823badb36a
SHA1: 3dec9b9c7ea9342d4dbe8c38560080d85b44a015
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

commons-logging-1.2.jar

Description: Apache Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-logging\commons-logging\1.2\4bfc12adfe4842bf07b657f0369c4cb522955686\commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

commons-collections-3.2.2.jar

Description: Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-collections\commons-collections\3.2.2\8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5\commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

junit-4.11.jar

Description:  JUnit is a regression testing framework written by Erich Gamma and Kent Beck. It is used by the developer who implements unit tests in Java.

License:

Common Public License Version 1.0: http://www.opensource.org/licenses/cpl1.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\junit\junit\4.11\4e031bb61df09069aeb2bffb4019e7a5034a4ee0\junit-4.11.jar
MD5: 3c42be5ea7cbf3635716abbb429cb90d
SHA1: 4e031bb61df09069aeb2bffb4019e7a5034a4ee0
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

backport-util-concurrent-3.1.jar

Description: Dawid Kurzyniec's backport of JSR 166

License:

Public Domain: http://creativecommons.org/licenses/publicdomain
File Path: Z:\Gradle\caches\modules-2\files-2.1\backport-util-concurrent\backport-util-concurrent\3.1\682f7ac17fed79e92f8e87d8455192b63376347b\backport-util-concurrent-3.1.jar
MD5: 748bb0cbf4780b2e3121dc9c12e10cd9
SHA1: 682f7ac17fed79e92f8e87d8455192b63376347b
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

ant-1.10.1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ant\ant\1.10.1\591b690cc83d444fa9c9813a792aeaba412e4ab6\ant-1.10.1.jar
MD5: 1acf5522fe413f811675972a2f3fa68d
SHA1: 591b690cc83d444fa9c9813a792aeaba412e4ab6
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

axiom-api-1.2.20.jar

Description: The Axiom API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ws.commons.axiom\axiom-api\1.2.20\ec33988dce6ab4c1d15122208dae7b1fbc6c0ac4\axiom-api-1.2.20.jar
MD5: 1be8dab65aa72d613bf07ce79c4b41c6
SHA1: ec33988dce6ab4c1d15122208dae7b1fbc6c0ac4
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

axiom-impl-1.2.20.jar

Description: The default implementation of the Axiom API.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ws.commons.axiom\axiom-impl\1.2.20\fdb6f7eb20dfaab2ee513e734defc7219aed046\axiom-impl-1.2.20.jar
MD5: 91d2ea04009497e11b940987359a190b
SHA1: 0fdb6f7eb20dfaab2ee513e734defc7219aed046
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

geronimo-ws-metadata_2.0_spec-1.1.2.jar

Description: Provides open-source implementations of Sun specifications.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.geronimo.specs\geronimo-ws-metadata_2.0_spec\1.1.2\7be9f049b4f0f0cf045675be5a0ff709d57cbc6a\geronimo-ws-metadata_2.0_spec-1.1.2.jar
MD5: 3d0fbbca45e8877dee74e83bc83317d5
SHA1: 7be9f049b4f0f0cf045675be5a0ff709d57cbc6a
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

commons-fileupload-1.3.3.jar

Description:  The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-fileupload\commons-fileupload\1.3.3\4ff14d809195b711fd6bcc87e6777f886730ca1\commons-fileupload-1.3.3.jar
MD5: dd77e787b7b5dc56f6a1cb658716d55d
SHA1: 04ff14d809195b711fd6bcc87e6777f886730ca1
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

xmlschema-core-2.2.1.jar

Description: Commons XMLSchema is a light weight schema object model that can be used to manipulate or generate XML schema.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ws.xmlschema\xmlschema-core\2.2.1\2eff1f3776590d4c51cc735eab2143c497329f2\xmlschema-core-2.2.1.jar
MD5: bab3d98961f361b5e66dbcdadaad1ecf
SHA1: 02eff1f3776590d4c51cc735eab2143c497329f2
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

neethi-3.0.3.jar

Description: Apache Neethi provides a general framework for programmers to use WS Policy. It is compliant with the latest WS Policy specification, which was published in March 2006. This framework is specifically written to enable the Apache Web services stack to use WS Policy as a way of expressing its requirements and capabilities.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.neethi\neethi\3.0.3\ee37a38bbf9f355ee88ba554a85c9220b75ba500\neethi-3.0.3.jar
MD5: 8a81813a03e2899ccd31f0e92f6cc691
SHA1: ee37a38bbf9f355ee88ba554a85c9220b75ba500
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

woden-core-1.0M10.jar

Description: The Woden project is a subproject of the Apache Web Services Project to develop a Java class library for reading, manipulating, creating and writing WSDL documents, initially to support WSDL 2.0 but with the longer term aim of supporting past, present and future versions of WSDL. There are two main deliverables: an API and an implementation. The Woden API consists of a set of Java interfaces. The WSDL 2.0-specific portion of the Woden API conforms to the W3C WSDL 2.0 specification. The implementation will be a high performance implementation directly usable in other Apache projects such as Axis2.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.woden\woden-core\1.0M10\ffed89bc39eb7fce6b74765b3417c6844d8003a2\woden-core-1.0M10.jar
MD5: 7b04937efc02bbc6cb0b73afb5d48b78
SHA1: ffed89bc39eb7fce6b74765b3417c6844d8003a2
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jsr311-api-1.1.1.jar

License:

CDDL License: http://www.opensource.org/licenses/cddl1.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.ws.rs\jsr311-api\1.1.1\59033da2a1afd56af1ac576750a8d0b1830d59e6\jsr311-api-1.1.1.jar
MD5: c9803468299ec255c047a280ddec510f
SHA1: 59033da2a1afd56af1ac576750a8d0b1830d59e6
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

commons-pool2-2.4.2.jar

Description: Apache Commons Object Pooling Library

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-pool2\2.4.2\e5f4f28f19d57716fbc3989d7a357ebf1e454fea\commons-pool2-2.4.2.jar
MD5: 62727a85e2e1bf6a756f5571d19cc71c
SHA1: e5f4f28f19d57716fbc3989d7a357ebf1e454fea
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

geronimo-j2ee-connector_1.6_spec-1.0.jar

Description: Java 2 Connector Architecture API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.geronimo.specs\geronimo-j2ee-connector_1.6_spec\1.0\a1a1cb635415af603ffba27987ffcd3422fb7801\geronimo-j2ee-connector_1.6_spec-1.0.jar
MD5: f4add9eb4ff4b8c4d7591852e6d04e5f
SHA1: a1a1cb635415af603ffba27987ffcd3422fb7801
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

httpclient-4.5.3.jar

Description:  Apache HttpComponents Client

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.httpcomponents\httpclient\4.5.3\d1577ae15f01ef5438c5afc62162457c00a34713\httpclient-4.5.3.jar
MD5: 1965ebb7aca0f9f8faaed3870d8cf689
SHA1: d1577ae15f01ef5438c5afc62162457c00a34713
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

commons-codec-1.10.jar

Description: The Apache Commons Codec package contains simple encoders and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-codec\commons-codec\1.10\4b95f4897fa13f2cd904aee711aeafc0c5295cd8\commons-codec-1.10.jar
MD5: 353cf6a2bdba09595ccfa073b78c7fcb
SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

shiro-lang-1.4.0.jar

Description:  The lang module encapsulates only language-specific utilities that are used by various other modules. It exists to augment what we would have liked to see in the JDK but does not exist.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-lang\1.4.0\6895b5d14e7be7a77297336b037d7a7e79e858d6\shiro-lang-1.4.0.jar
MD5: c654a538ef466eb33aeb7ff59e027a01
SHA1: 6895b5d14e7be7a77297336b037d7a7e79e858d6
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

shiro-cache-1.4.0.jar

Description: Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-cache\1.4.0\ae1496cbdc4cce35c87d9014723863e049f9e2b4\shiro-cache-1.4.0.jar
MD5: 1424b34527e464edb0c42f74ce68876e
SHA1: ae1496cbdc4cce35c87d9014723863e049f9e2b4
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

shiro-crypto-hash-1.4.0.jar

Description: Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-crypto-hash\1.4.0\b767d3db10f01dfba79c04cbc9e17eae0247b9c\shiro-crypto-hash-1.4.0.jar
MD5: 66dafe1350b86759d887ab181f181759
SHA1: 0b767d3db10f01dfba79c04cbc9e17eae0247b9c
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

shiro-crypto-cipher-1.4.0.jar

Description: Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-crypto-cipher\1.4.0\78020924ddce7632daa3b9acb698167c240df623\shiro-crypto-cipher-1.4.0.jar
MD5: 869c982ffffd7e8dc228500dd4ece97d
SHA1: 78020924ddce7632daa3b9acb698167c240df623
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

shiro-config-core-1.4.0.jar

Description: Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-config-core\1.4.0\7d7ede51d15d346d962da9a3743064ddc9163b1d\shiro-config-core-1.4.0.jar
MD5: e0a4f21cff332ce5debddd7633b7d243
SHA1: 7d7ede51d15d346d962da9a3743064ddc9163b1d
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

shiro-config-ogdl-1.4.0.jar

Description: Support for Shiro's Object Graph Definition Language (mostly used in Ini configuration) where declared name/value pairs are interpreted to create an object graph

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-config-ogdl\1.4.0\28c5f1338030eed8f911f0a816a5ef2716f786a6\shiro-config-ogdl-1.4.0.jar
MD5: 1a3efbe65e8e5b20f540fcf8a73c13c4
SHA1: 28c5f1338030eed8f911f0a816a5ef2716f786a6
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

shiro-event-1.4.0.jar

Description: Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-event\1.4.0\df4e83b5200940439e0c7ba4fc145902900e2cd\shiro-event-1.4.0.jar
MD5: 2c7267be4f08a425b52287fa01687a2a
SHA1: 0df4e83b5200940439e0c7ba4fc145902900e2cd
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

vorbis-java-tika-0.8.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.gagravarr\vorbis-java-tika\0.8\4ddbb27ac5884a0f0398a63d46a89d3bc87dc457\vorbis-java-tika-0.8.jar
MD5: 85c7b34d5f94e66bf0c79f5d673db750
SHA1: 4ddbb27ac5884a0f0398a63d46a89d3bc87dc457
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2016-6809  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.

Vulnerable Software & Versions:

jackcess-2.1.8.jar

Description: A pure Java library for reading from and writing to MS Access databases.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.healthmarketscience.jackcess\jackcess\2.1.8\dfc7156e11ce33bbcb7f4f6724a87b9d969f2fd6\jackcess-2.1.8.jar
MD5: 8f85f1c9a32d43c0771e11759f0cb210
SHA1: dfc7156e11ce33bbcb7f4f6724a87b9d969f2fd6
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jackcess-encrypt-2.1.2.jar

Description: An add-on to the Jackcess library for handling encryption in MS Access files.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.healthmarketscience.jackcess\jackcess-encrypt\2.1.2\c11d7a42af7070b84d832198558df52032de734c\jackcess-encrypt-2.1.2.jar
MD5: 6680420439292d286c51ab8b76a53be7
SHA1: c11d7a42af7070b84d832198558df52032de734c
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jmatio-1.2.jar

Description: Matlab's MAT-file I/O API in JAVA. Supports Matlab 5 MAT-file format reading and writing. Written in pure JAVA.

License:

BSD: http://www.linfo.org/bsdlicense.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.tallison\jmatio\1.2\69d8f2f49c1503f9b15b0eb50b1905a734a025e2\jmatio-1.2.jar
MD5: 237ce61a21ae9570ee5754fb5a54c57e
SHA1: 69d8f2f49c1503f9b15b0eb50b1905a734a025e2
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

apache-mime4j-core-0.8.1.jar

Description: Java stream based MIME message parser

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.james\apache-mime4j-core\0.8.1\c62dfe18a3b827a2c626ade0ffba44562ddf3f61\apache-mime4j-core-0.8.1.jar
MD5: d675e31f6dbfb2b4d3c0df666b594cec
SHA1: c62dfe18a3b827a2c626ade0ffba44562ddf3f61
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

apache-mime4j-dom-0.8.1.jar

Description: Java MIME Document Object Model

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.james\apache-mime4j-dom\0.8.1\f2d653c617004193f3350330d907f77b60c88c56\apache-mime4j-dom-0.8.1.jar
MD5: 891730030753fea16f1f8a8776db0c51
SHA1: f2d653c617004193f3350330d907f77b60c88c56
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

commons-compress-1.14.jar

Description:  Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional Unix Compress, DEFLATE, LZ4, Brotli and ar, cpio, jar, tar, zip, dump, 7z, arj.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-compress\1.14\7b18320d668ab080758bf5383d6d8fcf750babce\commons-compress-1.14.jar
MD5: 6dbbb8b86e98bde1f240ea475cf829fb
SHA1: 7b18320d668ab080758bf5383d6d8fcf750babce
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

xz-1.6.jar

Description: XZ data compression

License:

Public Domain
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.tukaani\xz\1.6\5b6f921f1810bdf90e25471968f741f87168b64\xz-1.6.jar
MD5: f1bd86b27cb86528aadc973dcd60f6ca
SHA1: 05b6f921f1810bdf90e25471968f741f87168b64
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • cpe: cpe:/a:tukaani:xz:1.6   Confidence:Low   
  • maven: org.tukaani:xz:1.6    Confidence:Highest

CVE-2015-4035  

Severity: Medium
CVSS Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name.

Vulnerable Software & Versions:

pdfbox-2.0.6.jar

Description:  The Apache PDFBox library is an open source Java tool for working with PDF documents.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.pdfbox\pdfbox\2.0.6\68616a583c5f9b9ba72140364d15a07cd937ce0e\pdfbox-2.0.6.jar
MD5: 65dadb46a0185e4d644104444abb8ff4
SHA1: 68616a583c5f9b9ba72140364d15a07cd937ce0e
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

pdfbox-tools-2.0.6.jar

Description:  The Apache PDFBox library is an open source Java tool for working with PDF documents. This artefact contains commandline tools using Apache PDFBox.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.pdfbox\pdfbox-tools\2.0.6\3b0c2622015c048a29496291cfe44f235f5c7cdf\pdfbox-tools-2.0.6.jar
MD5: 06e926f45d7a339b3b504d84fbc51fb5
SHA1: 3b0c2622015c048a29496291cfe44f235f5c7cdf
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jempbox-1.8.13.jar

Description:  The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM) specification. JempBox is a subproject of Apache PDFBox.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.pdfbox\jempbox\1.8.13\a874cef0ed0e2a8c4cc5ed52c23ba3e6d78eca4e\jempbox-1.8.13.jar
MD5: 449968f1151d4a9ce2e8a71f8e2622cf
SHA1: a874cef0ed0e2a8c4cc5ed52c23ba3e6d78eca4e
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

bcmail-jdk15on-1.54.jar

Description: The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed.

License:

Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.bouncycastle\bcmail-jdk15on\1.54\9d9b5432b4b29ef4a853223bc6e19379ef116cca\bcmail-jdk15on-1.54.jar
MD5: 6ae65fb53cf2112141aa050b465d4b92
SHA1: 9d9b5432b4b29ef4a853223bc6e19379ef116cca
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

bcprov-jdk15on-1.54.jar

Description: The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.

License:

Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.bouncycastle\bcprov-jdk15on\1.54\1acdedeb89f1d950d67b73d481eb7736df65eedb\bcprov-jdk15on-1.54.jar
MD5: 66a9905f98513cc5e53eabcc9af3c0fb
SHA1: 1acdedeb89f1d950d67b73d481eb7736df65eedb
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • cpe: cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.54   Confidence:Low   
  • maven: org.bouncycastle:bcprov-jdk15on:1.54    Confidence:Highest
  • cpe: cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.54   Confidence:Low   

poi-scratchpad-3.17-beta1.jar

Description: Apache POI - Java API To Access Microsoft Format Files

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.poi\poi-scratchpad\3.17-beta1\d4ad39b023c377ec534ab25205344eb79da4996b\poi-scratchpad-3.17-beta1.jar
MD5: 78d476ac08be52002b3b2fc2d5890d89
SHA1: d4ad39b023c377ec534ab25205344eb79da4996b
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

poi-ooxml-3.17-beta1.jar

Description: Apache POI - Java API To Access Microsoft Format Files

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.poi\poi-ooxml\3.17-beta1\96f537614c5f5ec232fb8832313280dcb93c59ab\poi-ooxml-3.17-beta1.jar
MD5: 6dad7f7ff6f538098ee1ac741aadaebd
SHA1: 96f537614c5f5ec232fb8832313280dcb93c59ab
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

tagsoup-1.2.1.jar

Description: TagSoup is a SAX-compliant parser written in Java that, instead of parsing well-formed or valid XML, parses HTML as it is found in the wild: poor, nasty and brutish, though quite often far from short. TagSoup is designed for people who have to process this stuff using some semblance of a rational application design. By providing a SAX interface, it allows standard XML tools to be applied to even the worst HTML. TagSoup also includes a command-line processor that reads HTML files and can generate either clean HTML or well-formed XML that is a close approximation to XHTML.

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.ccil.cowan.tagsoup\tagsoup\1.2.1\5584627487e984c03456266d3f8802eb85a9ce97\tagsoup-1.2.1.jar
MD5: ae73a52cdcbec10cd61d9ef22fab5936
SHA1: 5584627487e984c03456266d3f8802eb85a9ce97
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

isoparser-1.1.18.jar

Description: A generic parser and writer for all ISO 14496 based files (MP4, Quicktime, DCF, PDCF, ...)

License:

Apache Software License - Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.googlecode.mp4parser\isoparser\1.1.18\c74bdac64b22f1e245a7657149a43437aae4a9d3\isoparser-1.1.18.jar
MD5: e2902a2f427f2d6bf6b245f9b100feed
SHA1: c74bdac64b22f1e245a7657149a43437aae4a9d3
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

metadata-extractor-2.9.1.jar

Description: Java library for extracting EXIF, IPTC, XMP, ICC and other metadata from image files.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.drewnoakes\metadata-extractor\2.9.1\53fdf22be10c9d426ec63431c7342895bc642261\metadata-extractor-2.9.1.jar
MD5: 2ca081a3d5fc1bcfbb51cc11808a8b88
SHA1: 53fdf22be10c9d426ec63431c7342895bc642261
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

boilerpipe-1.1.0.jar

Description: The boilerpipe library provides algorithms to detect and remove the surplus "clutter" (boilerplate, templates) around the main textual content of a web page. The library already provides specific strategies for common tasks (for example: news article extraction) and may also be easily extended for individual problem settings. Extracting content is very fast (milliseconds), just needs the input document (no global or site-level information required) and is usually quite accurate. Boilerpipe is a Java library written by Christian Kohlschütter. It is released under the Apache License 2.0. The algorithms used by the library are based on (and extending) some concepts of the paper "Boilerplate Detection using Shallow Text Features" by Christian Kohlschütter et al., presented at WSDM 2010 -- The Third ACM International Conference on Web Search and Data Mining New York City, NY USA.

License:

Apache License 2.0
File Path: Z:\Gradle\caches\modules-2\files-2.1\de.l3s.boilerpipe\boilerpipe\1.1.0\f62cb75ed52455a9e68d1d05b84c500673340eb2\boilerpipe-1.1.0.jar
MD5: 0616568083786d0f49e2cb07a5d09fe4
SHA1: f62cb75ed52455a9e68d1d05b84c500673340eb2
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

rome-1.5.1.jar

Description: All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it easy to work in Java with most syndication formats. Today it accepts all flavors of RSS (0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes a set of parsers and generators for the various flavors of feeds, as well as converters to convert from one format to another. The parsers can give you back Java objects that are either specific for the format you want to work with, or a generic normalized SyndFeed object that lets you work on with the data without bothering about the underlying format.

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.rometools\rome\1.5.1\cc3489f066749bede7fc81f4e80c0d8c9534a210\rome-1.5.1.jar
MD5: 07039d4b871513942d0495311947275f
SHA1: cc3489f066749bede7fc81f4e80c0d8c9534a210
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

vorbis-java-core-0.8.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.gagravarr\vorbis-java-core\0.8\7e9937c2575cda2e3fc116415117c74f23e43fa6\vorbis-java-core-0.8.jar
MD5: 71b623b57f56daf112bddb3337ee896d
SHA1: 7e9937c2575cda2e3fc116415117c74f23e43fa6
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

juniversalchardet-1.0.3.jar

Description: Java port of universalchardet

License:

Mozilla Public License 1.1 (MPL 1.1): http://www.mozilla.org/MPL/MPL-1.1.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.googlecode.juniversalchardet\juniversalchardet\1.0.3\cd49678784c46aa8789c060538e0154013bb421b\juniversalchardet-1.0.3.jar
MD5: d9ea0a9a275336c175b343f2e4cd8f27
SHA1: cd49678784c46aa8789c060538e0154013bb421b
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jhighlight-1.0.2.jar

Description:  JHighlight is an embeddable pure Java syntax highlighting library that supports Java, HTML, XHTML, XML and LZX languages and outputs to XHTML. It also supports RIFE templates tags and highlights them clearly so that you can easily identify the difference between your RIFE markup and the actual marked up source.

License:

CDDL, v1.0: http://www.opensource.org/licenses/cddl1.php
LGPL, v2.1 or later: http://www.opensource.org/licenses/lgpl-license.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codelibs\jhighlight\1.0.2\992a8a8add10468930efc1f110f2895f68258a1e\jhighlight-1.0.2.jar
MD5: 867f23891848a72f1284ff3aaf18d94e
SHA1: 992a8a8add10468930efc1f110f2895f68258a1e
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

java-libpst-0.8.1.jar

Description: A library to read PST files with java, without need for external libraries.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.pff\java-libpst\0.8.1\ad31986653dac9cb5132ea5b2999c20b4b286255\java-libpst-0.8.1.jar
MD5: 6be27662e0b06154e5f05938937d16b7
SHA1: ad31986653dac9cb5132ea5b2999c20b4b286255
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

junrar-0.7.jar

Description: rar decompression library in plain java

License:

UnRar License: https://raw.github.com/junrar/junrar/master/license.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.github.junrar\junrar\0.7\18cc717b85af0b12ba922abf415c2ff4716f8219\junrar-0.7.jar
MD5: 75a215b9e921044cd2c88e73f6cb9745
SHA1: 18cc717b85af0b12ba922abf415c2ff4716f8219
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

cxf-rt-rs-client-3.0.12.jar

Description: Apache CXF JAX-RS Client

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.cxf\cxf-rt-rs-client\3.0.12\af609cc16e80eb05e20c8bbf60da24416d9a9b9d\cxf-rt-rs-client-3.0.12.jar
MD5: f41dbc9bdefaa9b672595356df4affc4
SHA1: af609cc16e80eb05e20c8bbf60da24416d9a9b9d
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2015-5253  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack."

Vulnerable Software & Versions:

CVE-2017-3156  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-361 Time and State

The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.

Vulnerable Software & Versions:

CVE-2017-5653  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation

JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.

Vulnerable Software & Versions:

CVE-2017-5656  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-384

Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifier corresponding to a cached token for another user.

Vulnerable Software & Versions:

commons-exec-1.3.jar

Description: Apache Commons Exec is a library to reliably execute external processes from within the JVM.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-exec\1.3\8dfb9facd0830a27b1b5f29f84593f0aeee7773b\commons-exec-1.3.jar
MD5: 8bb8fa2edfd60d5c7ed6bf9923d14aa8
SHA1: 8dfb9facd0830a27b1b5f29f84593f0aeee7773b
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

opennlp-tools-1.6.0.jar

Description: The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus based development process, an open and pragmatic software license, and a desire to create high quality software that leads the way in its field. We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.opennlp\opennlp-tools\1.6.0\e89fc5317497ee3ed0e6c48a72e4f280961a02b4\opennlp-tools-1.6.0.jar
MD5: c0e0b950af9575776fc97d6d37177af3
SHA1: e89fc5317497ee3ed0e6c48a72e4f280961a02b4
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2017-12620  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

When loading models or dictionaries that contain XML, it is possible to perform an XXE attack. Since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, 1.8.0 to 1.8.1 of Apache OpenNLP are affected.

Vulnerable Software & Versions:

json-simple-1.1.1.jar

Description: A simple Java toolkit for JSON

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.googlecode.json-simple\json-simple\1.1.1\c9ad4a0850ab676c5c64461a05ca524cdfff59f1\json-simple-1.1.1.jar
MD5: 5cc2c478d73e8454b4c369cee66c5bc7
SHA1: c9ad4a0850ab676c5c64461a05ca524cdfff59f1
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

json-1.8.jar

Description: A clean-room Apache-licensed implementation of simple JSON processing

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.tdunning\json\1.8\fa57d5adf557b226738cd42e6c093dd0a76c5fd4\json-1.8.jar
MD5: a89b66cf37063d0ee4f401193eb0ca2d
SHA1: fa57d5adf557b226738cd42e6c093dd0a76c5fd4
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

gson-2.8.1.jar

Description: Gson JSON library

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.google.code.gson\gson\2.8.1\2a8e0aa38a2e21cb39e2f5a7d6704cbdc941da0\gson-2.8.1.jar
MD5: 2c334d82c64b56ae59ea1bdcbb674303
SHA1: 02a8e0aa38a2e21cb39e2f5a7d6704cbdc941da0
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

slf4j-api-1.7.24.jar

Description: The slf4j API

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.slf4j\slf4j-api\1.7.24\3f6b4bd4f8dbe8d4bea06d107a3826469b85c3e9\slf4j-api-1.7.24.jar
MD5: d18638036e314cdd66f04e2d248b7df9
SHA1: 3f6b4bd4f8dbe8d4bea06d107a3826469b85c3e9
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • compile

Identifiers

jul-to-slf4j-1.7.24.jar

Description: JUL to SLF4J bridge

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.slf4j\jul-to-slf4j\1.7.24\25a2be668cb2ad1d05d76c0773df73b4b53617fd\jul-to-slf4j-1.7.24.jar
MD5: 8f13c04772e364c3ca0a1d9d979cc701
SHA1: 25a2be668cb2ad1d05d76c0773df73b4b53617fd
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jcl-over-slf4j-1.7.24.jar

Description: JCL 1.2 implemented over SLF4J

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.slf4j\jcl-over-slf4j\1.7.24\e6a8629079856a2aa7862c6327ccf6dd1988d7fc\jcl-over-slf4j-1.7.24.jar
MD5: c4f92652e13f3095fc95fcdcb5b514d7
SHA1: e6a8629079856a2aa7862c6327ccf6dd1988d7fc
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

netcdf4-4.5.5.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\edu.ucar\netcdf4\4.5.5\675d63ecc857c50dd50858011b670160aa30b62\netcdf4-4.5.5.jar
MD5: 5f14df469295650fd65748a003c9ba56
SHA1: 0675d63ecc857c50dd50858011b670160aa30b62
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

grib-4.5.5.jar

Description:  Decoder for the GRIB format.

File Path: Z:\Gradle\caches\modules-2\files-2.1\edu.ucar\grib\4.5.5\cfe552910e9a8d57ce71134796abb281a74ead16\grib-4.5.5.jar
MD5: 0cb80276d8ea89cacc1d5632dbf39fe9
SHA1: cfe552910e9a8d57ce71134796abb281a74ead16
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

cdm-4.5.5.jar

Description:  The NetCDF-Java Library is a Java interface to NetCDF files, as well as to many other types of scientific data formats.

File Path: Z:\Gradle\caches\modules-2\files-2.1\edu.ucar\cdm\4.5.5\af1748a3d024069cb7fd3fc2591efe806c914589\cdm-4.5.5.jar
MD5: 7770c86aabbd0ec5e12ed1f0600d5492
SHA1: af1748a3d024069cb7fd3fc2591efe806c914589
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

httpservices-4.5.5.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\edu.ucar\httpservices\4.5.5\ee5f217be599e5e03f7f0e55e03f9e721a154f62\httpservices-4.5.5.jar
MD5: c5207827b8b7e6045b2af7e1e8c5b1d4
SHA1: ee5f217be599e5e03f7f0e55e03f9e721a154f62
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

sis-utility-0.6.jar

Description:  Miscellaneous utilities.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.sis.core\sis-utility\0.6\e049cdb56758f3a92b48af0f7741d102a90152\sis-utility-0.6.jar
MD5: b8da3a7ab7599f60b0e814605217b461
SHA1: 00e049cdb56758f3a92b48af0f7741d102a90152
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

sis-netcdf-0.6.jar

Description:  Bridge between NetCDF Climate and Forecast (CF) convention and ISO 19115 metadata.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.sis.storage\sis-netcdf\0.6\c847a664eb707b0663dec4a9257419842a33e903\sis-netcdf-0.6.jar
MD5: af47f83d86ae9c8d8ec22ebe59c581d8
SHA1: c847a664eb707b0663dec4a9257419842a33e903
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

sis-metadata-0.6.jar

Description:  Implementations of metadata derived from ISO 19115. This module provides both an implementation of the metadata interfaces defined in GeoAPI, and a framework for handling those metadata through Java reflection.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.sis.core\sis-metadata\0.6\97cde9b02f2548567a06f3ecd42caa39a94ffaf4\sis-metadata-0.6.jar
MD5: 193ae7072888febbac3c0a6007e62cc9
SHA1: 97cde9b02f2548567a06f3ecd42caa39a94ffaf4
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

geoapi-3.0.0.jar

Description:  The development community in building GIS solutions is sustaining an enormous level of effort. The GeoAPI project aims to reduce duplication and increase interoperability by providing neutral, interface-only APIs derived from OGC/ISO Standards.

License:

https://geoapi.svn.sourceforge.net/svnroot/geoapi/branches/3.0.x/LICENSE.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.opengis\geoapi\3.0.0\a04e0f361627fb33a140b5aa4c019741f905577\geoapi-3.0.0.jar
MD5: 97b6baee0cf3402e8360203bf6c23b3f
SHA1: 0a04e0f361627fb33a140b5aa4c019741f905577
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

sentiment-analysis-parser-0.1.jar

Description: Combines Apache OpenNLP and Apache Tika and provides facilities for automatically deriving sentiment from text.

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\edu.usc.ir\sentiment-analysis-parser\0.1\20d1524a1270c1d26e3314d2ee71a12e6a29a27d\sentiment-analysis-parser-0.1.jar
MD5: 69727e01cb8165e2e5d637e527ea82d4
SHA1: 20d1524a1270c1d26e3314d2ee71a12e6a29a27d
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

tomcat-coyote-8.5.23.jar

Description: Tomcat Connectors and HTTP parser

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-coyote\8.5.23\7ec1d6ede0abcb5186181ea9b38570dd6144d8de\tomcat-coyote-8.5.23.jar
MD5: 26e6ca9702c8e3597c9a6b4673b5e4d0
SHA1: 7ec1d6ede0abcb5186181ea9b38570dd6144d8de
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • cpe: cpe:/a:apache:coyote_http_connector:8.5.23   Confidence:Low   
  • maven: org.apache.tomcat:tomcat-coyote:8.5.23    Confidence:Highest
  • cpe: cpe:/a:apache_software_foundation:tomcat:8.5.23   Confidence:Low   
  • cpe: cpe:/a:apache_tomcat:apache_tomcat:8.5.23   Confidence:Low   
  • cpe: cpe:/a:apache:tomcat:8.5.23   Confidence:Low   
  • cpe: cpe:/a:apache:tomcat_connectors:8.5.23   Confidence:Low   

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

tomcat-servlet-api-8.5.23.jar

Description: javax.servlet package

License:

Apache License, Version 2.0 and Common Development And Distribution License (CDDL) Version 1.0: http://www.apache.org/licenses/LICENSE-2.0.txt and http://www.opensource.org/licenses/cddl1.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-servlet-api\8.5.23\21a212688ec94fe77aff74ab34cc74f6f940e60\tomcat-servlet-api-8.5.23.jar
MD5: 7f722bbee6cfb4e7bbb1886e22f80ee6
SHA1: 021a212688ec94fe77aff74ab34cc74f6f940e60
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

tomcat-juli-8.5.23.jar

Description: Tomcat Core Logging Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-juli\8.5.23\98e7f0610b7b2fb8303f11be0210e3f5a56a7d55\tomcat-juli-8.5.23.jar
MD5: 359c91b465359dbec89664c14c8ca465
SHA1: 98e7f0610b7b2fb8303f11be0210e3f5a56a7d55
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

tomcat-util-8.5.23.jar

Description: Common code shared by multiple Tomcat components

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-util\8.5.23\e6d5e8becd2eda3bcec39bee2fbe10a93590506\tomcat-util-8.5.23.jar
MD5: b1f801d67ec27913abfe23ae511ff4a0
SHA1: 0e6d5e8becd2eda3bcec39bee2fbe10a93590506
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

tomcat-util-scan-8.5.23.jar

Description:  Common code shared by Catalina and Jasper for scanning JARS and processing XML descriptors

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-util-scan\8.5.23\2ff39be3d61d2147d6a032f46d3ba4e42a618ad2\tomcat-util-scan-8.5.23.jar
MD5: c8b13ff2b2b506f15c276f67454af0c9
SHA1: 2ff39be3d61d2147d6a032f46d3ba4e42a618ad2
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

tomcat-jsp-api-8.5.23.jar

Description: JSP package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-jsp-api\8.5.23\6568c9c627f87a5278566d62a33802722cf1a00c\tomcat-jsp-api-8.5.23.jar
MD5: 7364bade0d37475a2af95258d385abba
SHA1: 6568c9c627f87a5278566d62a33802722cf1a00c
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

tomcat-annotations-api-8.5.23.jar

Description: Annotations Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-annotations-api\8.5.23\aaf17df9fe0240e9e9d5375d24d5f177174b73d9\tomcat-annotations-api-8.5.23.jar
MD5: a176f33b5656eb44675aacb1f50e8468
SHA1: aaf17df9fe0240e9e9d5375d24d5f177174b73d9
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

tomcat-api-8.5.23.jar

Description: Definition of interfaces shared by Catalina and Jasper

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-api\8.5.23\ef3e2cde0b6c2cff40fd8942ca3c88c029c50990\tomcat-api-8.5.23.jar
MD5: 9de52e16b119d8e5cbd78e1d8e6c4004
SHA1: ef3e2cde0b6c2cff40fd8942ca3c88c029c50990
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

tomcat-jni-8.5.23.jar

Description: Interface code to the native connector

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-jni\8.5.23\cf0f1df5f9d14c39bd39f39e94edaf90f41802c\tomcat-jni-8.5.23.jar
MD5: f18f7a50b085aa82d3e00ed38dbbf9e4
SHA1: 0cf0f1df5f9d14c39bd39f39e94edaf90f41802c
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

tomcat-jaspic-api-8.5.23.jar

Description: javax.security.auth.message package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-jaspic-api\8.5.23\709545a369b74ad9167046ee1feeb822a6065442\tomcat-jaspic-api-8.5.23.jar
MD5: c33d9f4a39a46810db2969adef4dbe4c
SHA1: 709545a369b74ad9167046ee1feeb822a6065442
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

tomcat-el-api-8.5.23.jar

Description: Expression language package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-el-api\8.5.23\636b6e19ceede3f379c729dff813b4f23348b29e\tomcat-el-api-8.5.23.jar
MD5: 230ad915c91ebaa9ee68e381581aba8e
SHA1: 636b6e19ceede3f379c729dff813b4f23348b29e
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

ecj-3.12.3.jar

Description: Eclipse Compiler for Java(TM)

License:

Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jdt\ecj\3.12.3\ade950992eb3caf6ab4f1a88706c755f0bf213d9\ecj-3.12.3.jar
MD5: 33e190a0f0745306de54fba90f381fc3
SHA1: ade950992eb3caf6ab4f1a88706c755f0bf213d9
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

tomcat-jasper-el-8.5.23.jar

Description: Jasper Expression Language Impl

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-jasper-el\8.5.23\a77e56ce7007018c9ffb0f14f0e0dfcadebd7644\tomcat-jasper-el-8.5.23.jar
MD5: 18d65038164882e2bd8741d6b027c774
SHA1: a77e56ce7007018c9ffb0f14f0e0dfcadebd7644
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

xmlgraphics-commons-2.2.jar

Description:  Apache XML Graphics Commons is a library that consists of several reusable components used by Apache Batik and Apache FOP. Many of these components can easily be used separately outside the domains of SVG and XSL-FO.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\xmlgraphics-commons\2.2\89f22650b8b8a5ac91207bf58190df852d97415a\xmlgraphics-commons-2.2.jar
MD5: 025a1e9ec9075ee4c07a0e7eff3f21d9
SHA1: 89f22650b8b8a5ac91207bf58190df852d97415a
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

batik-svg-dom-1.9.jar

Description: Batik SVG DOM implementation

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-svg-dom\1.9\c6535d0a6656f18706fbe68796cd803aae5d1ec6\batik-svg-dom-1.9.jar
MD5: 4f6a8ee9bb4d3d752bfdea15e0133eaf
SHA1: c6535d0a6656f18706fbe68796cd803aae5d1ec6
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

batik-bridge-1.9.jar

Description: Batik bridge

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-bridge\1.9\fb7509c68f90e64a45f8ceece187a211415640c1\batik-bridge-1.9.jar
MD5: b71d171a09c0169ee18fbc9059b9f6ab
SHA1: fb7509c68f90e64a45f8ceece187a211415640c1
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

batik-awt-util-1.9.jar

Description: Batik AWT utilities

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-awt-util\1.9\855cbcf158a0ae62ce85f2705a9bfccd4e99ede7\batik-awt-util-1.9.jar
MD5: 306750a7fd548bc11cad8f5a9db76701
SHA1: 855cbcf158a0ae62ce85f2705a9bfccd4e99ede7
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

batik-gvt-1.9.jar

Description: Batik Graphics Vector Tree (GVT)

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-gvt\1.9\58fc30896e7afdcc1e5af4e557fcc0e735c5072a\batik-gvt-1.9.jar
MD5: dff5aef888632956d6bc4b6308112a42
SHA1: 58fc30896e7afdcc1e5af4e557fcc0e735c5072a
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

batik-transcoder-1.9.jar

Description: Batik SVG transcoder

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-transcoder\1.9\46856c150c278ee2d0dfb400fcc09bd75d25aecb\batik-transcoder-1.9.jar
MD5: 349bd5aa513d49bb47cc94bc09e31288
SHA1: 46856c150c278ee2d0dfb400fcc09bd75d25aecb
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

batik-extension-1.9.jar

Description: Batik Extension Support

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-extension\1.9\2e1f5d9da672694274cb0f623f0011199aa57ef2\batik-extension-1.9.jar
MD5: 12b4dc000de1ffaebdd02a17369b9e56
SHA1: 2e1f5d9da672694274cb0f623f0011199aa57ef2
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

batik-ext-1.9.jar

Description: Batik external code

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-ext\1.9\da90c9656f651df691c602285aa1ba40463326c1\batik-ext-1.9.jar
MD5: 482c8ee1087ca30918a155e5fb7bfb87
SHA1: da90c9656f651df691c602285aa1ba40463326c1
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

avalon-framework-api-4.3.1.jar

Description: Avalon Framework API

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.avalon.framework\avalon-framework-api\4.3.1\2dacadeb49bc14420990b1f28897d46f96e2181d\avalon-framework-api-4.3.1.jar
MD5: 7c543869a7eb2bad323a54e873973acf
SHA1: 2dacadeb49bc14420990b1f28897d46f96e2181d
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

avalon-framework-impl-4.3.1.jar

Description: Avalon Framework Implementation

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.avalon.framework\avalon-framework-impl\4.3.1\2d5f5a07fd14513ce6d7a7bfaff69419c26dbd0b\avalon-framework-impl-4.3.1.jar
MD5: 004ac42a2cda8c444451ef187b24284f
SHA1: 2d5f5a07fd14513ce6d7a7bfaff69419c26dbd0b
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

xmlrpc-common-3.1.3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlrpc\xmlrpc-common\3.1.3\415daf1f1473a947452588906dc9f5b3575fb44d\xmlrpc-common-3.1.3.jar
MD5: 22f90fb4f397b588b43a8b306167f371
SHA1: 415daf1f1473a947452588906dc9f5b3575fb44d
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2016-5002  

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.

Vulnerable Software & Versions:

commons-configuration-1.10.jar

Description: Tools to assist in the reading of configuration/preferences files in various formats.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-configuration\commons-configuration\1.10\2b36e4adfb66d966c5aef2d73deb6be716389dc9\commons-configuration-1.10.jar
MD5: b16511ce540fefd53981245f5f21c5f8
SHA1: 2b36e4adfb66d966c5aef2d73deb6be716389dc9
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

commons-beanutils-core-1.8.3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-beanutils\commons-beanutils-core\1.8.3\75812698e5e859f2cb587c622c4cdfcd61676426\commons-beanutils-core-1.8.3.jar
MD5: 944f66e681239c8353e8497920f1e5d3
SHA1: 75812698e5e859f2cb587c622c4cdfcd61676426
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2014-0114  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

Vulnerable Software & Versions:

log4j-1.2.17.jar

Description: Apache Log4j 1.2

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\log4j\log4j\1.2.17\5af35056b4d257e4b64b9e8069c0746e8b08629f\log4j-1.2.17.jar
MD5: 04a41f0a068986f0f73485cf507c0f40
SHA1: 5af35056b4d257e4b64b9e8069c0746e8b08629f
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • cpe: cpe:/a:apache:log4j:1.2.17   Confidence:Low   
  • maven: log4j:log4j:1.2.17    Confidence:Highest

xom-1.2.5.jar

Description: The XOM Dual Streaming/Tree API for Processing XML

License:

The GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\xom\xom\1.2.5\4166493b9f04e91b858ba4150b28b4d197f8f8ea\xom-1.2.5.jar
MD5: 91b16b5b53ae0804671a57dbf7623fad
SHA1: 4166493b9f04e91b858ba4150b28b4d197f8f8ea
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

bsh-core-2.0b4.jar

Description: BeanShell core

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.beanshell\bsh-core\2.0b4\495e25a99e29970ffe8ba0b1d551e1d1a9991fc1\bsh-core-2.0b4.jar
MD5: bab431f0908fde87034f0c34c6cf1e30
SHA1: 495e25a99e29970ffe8ba0b1d551e1d1a9991fc1
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • maven: org.beanshell:bsh-core:2.0b4    Confidence:Highest
  • cpe: cpe:/a:beanshell_project:beanshell:2.0.b4   Confidence:Low   

CVE-2016-2510  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-19 Data Handling

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

Vulnerable Software & Versions:

antisamy-1.5.3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.owasp.antisamy\antisamy\1.5.3\7538ad2b1afb74e74cc419e8c7b87abfd5526251\antisamy-1.5.3.jar
MD5: bb91c92518ed27bea05ccfd445ec3424
SHA1: 7538ad2b1afb74e74cc419e8c7b87abfd5526251
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2016-10006  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.

Vulnerable Software & Versions:

CVE-2017-14735  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of &colon; to construct a javascript: URL.

Vulnerable Software & Versions:

spring-core-4.2.3.RELEASE.jar

Description: Spring Core

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-core\4.2.3.RELEASE\3ed00dad7a16b2a28df9348294f6a67151f43cf6\spring-core-4.2.3.RELEASE.jar
MD5: d32fdda47ac7d787d10d19c0f1129d6f
SHA1: 3ed00dad7a16b2a28df9348294f6a67151f43cf6
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2016-5007  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.

Vulnerable Software & Versions:

CVE-2016-9878  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Vulnerable Software & Versions:

viewservlets-4.5.0.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\viewservlets\4.5.0\59c773f6cd138d08b18c47ed2c1581283f573fd\viewservlets-4.5.0.jar
MD5: fca067702a5dcaaa9715924cbd616735
SHA1: 059c773f6cd138d08b18c47ed2c1581283f573fd
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

tomcat-embed-websocket-8.5.23.jar

Description: Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat.embed\tomcat-embed-websocket\8.5.23\52f07abcae10dc7e1764304b0877def175c2c833\tomcat-embed-websocket-8.5.23.jar
MD5: 03ac519ccda43a838b7b4aeb9ca2f1b5
SHA1: 52f07abcae10dc7e1764304b0877def175c2c833
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

cas-server-core-3.3.5.jar

Description: CAS core

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jasig.cas\cas-server-core\3.3.5\c47163c27b1a7617af14182c168d2b5b54cdd66\cas-server-core-3.3.5.jar
MD5: 14e8ad0fdfb00b8213bfdd2c36304e59
SHA1: 0c47163c27b1a7617af14182c168d2b5b54cdd66
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

lucene-core-7.1.0.jar

Description: Apache Lucene Java Core

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-core\7.1.0\dd291b7ebf4845483895724d2562214dc7f40049\lucene-core-7.1.0.jar
MD5: a1596d6e0ceaba84b24fec5b92fc0b96
SHA1: dd291b7ebf4845483895724d2562214dc7f40049
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

lucene-queryparser-7.1.0.jar

Description: Lucene QueryParsers module

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-queryparser\7.1.0\5767c15c5ee97926829fd8a4337e434fa95f3c08\lucene-queryparser-7.1.0.jar
MD5: 9e237c2fb539d5061f98c74d478d46f2
SHA1: 5767c15c5ee97926829fd8a4337e434fa95f3c08
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

lucene-analyzers-common-7.1.0.jar

Description: Additional Analyzers

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-analyzers-common\7.1.0\a508bf6b580471ee568dab7d2acfedfa5aadce70\lucene-analyzers-common-7.1.0.jar
MD5: bf0e8f0fec0b8a4ebe808d3373f53217
SHA1: a508bf6b580471ee568dab7d2acfedfa5aadce70
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jug-2.0.0-asl.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
GNU Lesser General Public License v2.1: http://www.gnu.org/licenses/lgpl.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.safehaus.jug\jug\2.0.0\adf11f76e51f057e9d6903dd9a916162620386c9\jug-2.0.0-asl.jar
MD5: fe4231b92c5e4ffdc6ec308a9fd23f6a
SHA1: adf11f76e51f057e9d6903dd9a916162620386c9
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • maven: org.safehaus.jug:jug:2.0.0   Confidence:Highest

poi-excelant-3.14.jar

Description: Apache POI Excel Ant Tasks

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.poi\poi-excelant\3.14\49ded0a5f84a755ca7bce99ffe11fe6a972cb077\poi-excelant-3.14.jar
MD5: 5bad3dfa695bd5bc24560c9abc54e74e
SHA1: 49ded0a5f84a755ca7bce99ffe11fe6a972cb077
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2017-5644  

Severity: High
CVSS Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)
CWE: CWE-399 Resource Management Errors

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

Vulnerable Software & Versions:

solr-core-7.1.0.jar

Description: Apache Solr Core

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.solr\solr-core\7.1.0\d47b6cc1a67e69e4570aa158fb8acd4c6695ed3f\solr-core-7.1.0.jar
MD5: a1a421c3c1683ce522447b2c6582fef0
SHA1: d47b6cc1a67e69e4570aa158fb8acd4c6695ed3f
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

hamcrest-core-1.3.jar

Description: This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes a foundation set of matcher implementations for common operations.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.hamcrest\hamcrest-core\1.3\42a25dc3219429f0e5d060061f71acb49bf010a0\hamcrest-core-1.3.jar
MD5: 6393363b47ddcbba82321110c3e07519
SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime
  • junitReport

Identifiers

ant-launcher-1.10.1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ant\ant-launcher\1.10.1\7811ccc3f0d8612e402f47581915c34b2bfa8c76\ant-launcher-1.10.1.jar
MD5: 9ef34c7d46f39c1aca11dc625ef2a0fc
SHA1: 7811ccc3f0d8612e402f47581915c34b2bfa8c76
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

geronimo-activation_1.1_spec-1.1.jar

Description: Java Activation Spec API 1.1

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.geronimo.specs\geronimo-activation_1.1_spec\1.1\f15af1b53fba7f23ce5e9de4fb57a88585aa9eee\geronimo-activation_1.1_spec-1.1.jar
MD5: 6f2756f073402855a1567c1523f66b9b
SHA1: f15af1b53fba7f23ce5e9de4fb57a88585aa9eee
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jaxen-1.1.6.jar

Description: Jaxen is a universal Java XPath engine.

License:

http://jaxen.codehaus.org/license.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\jaxen\jaxen\1.1.6\3f8c36d9a0578e8e98f030c662b69888b1430ac0\jaxen-1.1.6.jar
MD5: a140517286b56eea981e188dcc3a13f6
SHA1: 3f8c36d9a0578e8e98f030c662b69888b1430ac0
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

geronimo-stax-api_1.0_spec-1.0.1.jar

Description: Provides open-source implementations of Sun specifications.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.geronimo.specs\geronimo-stax-api_1.0_spec\1.0.1\1c171093a8b43aa550c6050ac441abe713ebb4f2\geronimo-stax-api_1.0_spec-1.0.1.jar
MD5: b7c2a715cd3d1c43dc4ccfae426e8e2e
SHA1: 1c171093a8b43aa550c6050ac441abe713ebb4f2
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

httpcore-4.4.6.jar

Description:  Apache HttpComponents Core (blocking I/O)

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.httpcomponents\httpcore\4.4.6\e3fd8ced1f52c7574af952e2e6da0df8df08eb82\httpcore-4.4.6.jar
MD5: a9fbd503e0802507efeeaffb56bbdf52
SHA1: e3fd8ced1f52c7574af952e2e6da0df8df08eb82
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

shiro-crypto-core-1.4.0.jar

Description: Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-crypto-core\1.4.0\7049325bba697985eee924eda03cb7971af1b808\shiro-crypto-core-1.4.0.jar
MD5: 53fc38f4845087acf364bcf9a507fdd7
SHA1: 7049325bba697985eee924eda03cb7971af1b808
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

commons-lang-2.6.jar

Description:  Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-lang\commons-lang\2.6\ce1edb914c94ebc388f086c6827e8bdeec71ac2\commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

pdfbox-debugger-2.0.6.jar

Description:  The Apache PDFBox library is an open source Java tool for working with PDF documents. This artefact contains the PDFDebugger.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.pdfbox\pdfbox-debugger\2.0.6\8691431b419692d58640de8428ce35d03fa1770d\pdfbox-debugger-2.0.6.jar
MD5: a5773eac13e69854c96d14d9bad37191
SHA1: 8691431b419692d58640de8428ce35d03fa1770d
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

bcpkix-jdk15on-1.54.jar

Description: The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.

License:

Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.bouncycastle\bcpkix-jdk15on\1.54\b11bfee99bb11eea344de6e4a07fe89212c55c02\bcpkix-jdk15on-1.54.jar
MD5: ea8e906cfcda284d0ae934b82863862d
SHA1: b11bfee99bb11eea344de6e4a07fe89212c55c02
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

xmpcore-5.1.2.jar

Description:  The XMP Library for Java is based on the C++ XMPCore library and the API is similar.

License:

The BSD License: http://www.adobe.com/devnet/xmp/library/eula-xmp-library-java.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.adobe.xmp\xmpcore\5.1.2\55615fa2582424e38705487d1d3969af8554f637\xmpcore-5.1.2.jar
MD5: 0b2cf2a09d32abdedd17de864e93ad25
SHA1: 55615fa2582424e38705487d1d3969af8554f637
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

rome-utils-1.5.1.jar

Description: Utility classes for ROME projects

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.rometools\rome-utils\1.5.1\3a3d6473a2f5d55fb31bf6c269af963fdea13b54\rome-utils-1.5.1.jar
MD5: ba0f0958cbbacd734b383038c3dcb0ef
SHA1: 3a3d6473a2f5d55fb31bf6c269af963fdea13b54
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

commons-vfs2-2.0.jar

Description: VFS is a Virtual File System library.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-vfs2\2.0\b5af3b9c96b060d77c68fa5ac9384b402dd58013\commons-vfs2-2.0.jar
MD5: a2cabc6a91a9de9e3d5d460b06d65b45
SHA1: b5af3b9c96b060d77c68fa5ac9384b402dd58013
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

cxf-rt-transports-http-3.0.12.jar

Description: Apache CXF Runtime HTTP Transport

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.cxf\cxf-rt-transports-http\3.0.12\e2eedc03de7f1cda7e94e2af2685f9124c668fd5\cxf-rt-transports-http-3.0.12.jar
MD5: e7e04464d9706e364470fc53d61e3b88
SHA1: e2eedc03de7f1cda7e94e2af2685f9124c668fd5
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2015-5253  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack."

Vulnerable Software & Versions:

CVE-2017-3156  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-361 Time and State

The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.

Vulnerable Software & Versions:

CVE-2017-5653  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation

JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.

Vulnerable Software & Versions:

CVE-2017-5656  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-384

Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifier corresponding to a cached token for another user.

Vulnerable Software & Versions:

cxf-core-3.0.12.jar

Description: Apache CXF Core

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.cxf\cxf-core\3.0.12\7c7beb6875fb180cc5813bfa85456f92b5b62505\cxf-core-3.0.12.jar
MD5: 33bb89b42bb979c6a4c2f7ed2d16e63c
SHA1: 7c7beb6875fb180cc5813bfa85456f92b5b62505
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2015-5253  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack."

Vulnerable Software & Versions:

CVE-2017-3156  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-361 Time and State

The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.

Vulnerable Software & Versions:

CVE-2017-5653  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation

JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.

Vulnerable Software & Versions:

CVE-2017-5656  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-384

Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifier corresponding to a cached token for another user.

Vulnerable Software & Versions:

cxf-rt-frontend-jaxrs-3.0.12.jar

Description: Apache CXF Runtime JAX-RS Frontend

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.cxf\cxf-rt-frontend-jaxrs\3.0.12\30a94ced70c56464c8a1f2c409f33c403afa24ec\cxf-rt-frontend-jaxrs-3.0.12.jar
MD5: 21e16fda72a0a652fd4209635eb6de48
SHA1: 30a94ced70c56464c8a1f2c409f33c403afa24ec
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2015-5253  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack."

Vulnerable Software & Versions:

CVE-2017-3156  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-361 Time and State

The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.

Vulnerable Software & Versions:

CVE-2017-5653  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation

JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.

Vulnerable Software & Versions:

CVE-2017-5656  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-384

Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifier corresponding to a cached token for another user.

Vulnerable Software & Versions:

jcip-annotations-1.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\net.jcip\jcip-annotations\1.0\afba4942caaeaf46aab0b976afd57cc7c181467e\jcip-annotations-1.0.jar
MD5: 9d5272954896c5a5d234f66b7372b17a
SHA1: afba4942caaeaf46aab0b976afd57cc7c181467e
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jna-4.1.0.jar

Description: Java Native Access

License:

LGPL, version 2.1: http://www.gnu.org/licenses/licenses.html
ASL, version 2: http://www.apache.org/licenses/
File Path: Z:\Gradle\caches\modules-2\files-2.1\net.java.dev.jna\jna\4.1.0\1c12d070e602efd8021891cdd7fd18bc129372d4\jna-4.1.0.jar
MD5: b0e08c9936dc52aa40439c71fcad6297
SHA1: 1c12d070e602efd8021891cdd7fd18bc129372d4
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jdom2-2.0.4.jar

Description:  A complete, Java-based solution for accessing, manipulating, and outputting XML data

License:

Similar to Apache License but with the acknowledgment clause removed: https://raw.github.com/hunterhacker/jdom/master/LICENSE.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jdom\jdom2\2.0.4\4b65e55cc61b34bc634b25f0359d1242e4c519de\jdom2-2.0.4.jar
MD5: e51c9485a3a38525a7df4bd25a05dec6
SHA1: 4b65e55cc61b34bc634b25f0359d1242e4c519de
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

bzip2-0.9.1.jar

Description: jbzip2 is a Java bzip2 compression/decompression library. It can be used as a replacement for the Apache CBZip2InputStream / CBZip2OutputStream classes.

License:

MIT License (MIT): http://opensource.org/licenses/mit-license.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.itadaki\bzip2\0.9.1\47ca95f71e3ccae756c4a24354d48069c58f475c\bzip2-0.9.1.jar
MD5: ddd5eb3a035655cbbb536e9b86907a00
SHA1: 47ca95f71e3ccae756c4a24354d48069c58f475c
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2005-1260  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").

Vulnerable Software & Versions:

CVE-2010-0405  

Severity: Medium
CVSS Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CWE: CWE-189 Numeric Errors

Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.

Vulnerable Software & Versions:

CVE-2011-4089  

Severity: Medium
CVSS Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.

Vulnerable Software & Versions:

udunits-4.5.5.jar

Description: The ucar.units Java package is for decoding and encoding formatted unit specifications (e.g. "m/s"), converting numeric values between compatible units (e.g. between "m/s" and "knot"), and for performing arithmetic operations on units (e.g. dividing one unit by another, raising a unit to a power).

File Path: Z:\Gradle\caches\modules-2\files-2.1\edu.ucar\udunits\4.5.5\d8c8d65ade13666eedcf764889c69321c247f153\udunits-4.5.5.jar
MD5: 025ffadf77de73601443c8262c995df0
SHA1: d8c8d65ade13666eedcf764889c69321c247f153
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

joda-time-2.2.jar

Description: Date and time library to replace JDK date handling

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\joda-time\joda-time\2.2\a5f29a7acaddea3f4af307e8cf2d0cc82645fd7d\joda-time-2.2.jar
MD5: 226f5207543c490f10f234e82108b998
SHA1: a5f29a7acaddea3f4af307e8cf2d0cc82645fd7d
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

quartz-2.2.0.jar

Description: Enterprise Job Scheduler

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
Apache Software License, Version 2.0
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.quartz-scheduler\quartz\2.2.0\2eb16fce055d5f3c9d65420f6fc4efd3a079a3d8\quartz-2.2.0.jar
MD5: 56d748f33fa07cb50c86eb72f53141b5
SHA1: 2eb16fce055d5f3c9d65420f6fc4efd3a079a3d8
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

ehcache-core-2.6.2.jar

Description: This is the ehcache core module. Pair it with other modules for added functionality.

License:

The Apache Software License, Version 2.0: src/assemble/EHCACHE-CORE-LICENSE.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\net.sf.ehcache\ehcache-core\2.6.2\3baecd92015a9f8fe4cf51c8b5d3a5bddcdd3e86\ehcache-core-2.6.2.jar
MD5: b6abecd2c01070700a9001b33b94b3f4
SHA1: 3baecd92015a9f8fe4cf51c8b5d3a5bddcdd3e86
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jcommander-1.35.jar

Description: A Java framework to parse command line options with annotations.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.beust\jcommander\1.35\47592e181b0bdbbeb63029e08c5e74f6803c4edd\jcommander-1.35.jar
MD5: 90216444fab67357c5bdf3293b47107e
SHA1: 47592e181b0bdbbeb63029e08c5e74f6803c4edd
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

sis-storage-0.6.jar

Description:  Provides the interfaces and base classes to be implemented by various storage formats.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.sis.storage\sis-storage\0.6\1996e6209d309380cd191d4483ca19cc25c30fe3\sis-storage-0.6.jar
MD5: b30f631ab68b989fa35b23f5d6165d30
SHA1: 1996e6209d309380cd191d4483ca19cc25c30fe3
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

sis-referencing-0.6.jar

Description:  Implementations of Coordinate Reference Systems (CRS), conversion and transformation services derived from ISO 19111.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.sis.core\sis-referencing\0.6\ca59408047b7c3685661959b5858297e047a4046\sis-referencing-0.6.jar
MD5: e7cb42c4330b3e9ebd8e91cf8bbaa028
SHA1: ca59408047b7c3685661959b5858297e047a4046
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jsr-275-0.9.3.jar

Description:  JSR-275 specifies Java packages for the programmatic handling of physical quantities and their expression as numbers of units.

License:

Specification License: LICENSE.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.measure\jsr-275\0.9.3\ab2fb094fc5297ae5636ef6ed0d6051d5a656588\jsr-275-0.9.3.jar
MD5: e7a135baa55ec464055d75e4fd4d6b6f
SHA1: ab2fb094fc5297ae5636ef6ed0d6051d5a656588
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

batik-dom-1.9.jar

Description: Batik DOM implementation

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-dom\1.9\96e8edbf08358f84f7c9dc5778797203f0feb59c\batik-dom-1.9.jar
MD5: de7ac1eeb6416664866c3bc38dea382d
SHA1: 96e8edbf08358f84f7c9dc5778797203f0feb59c
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

batik-parser-1.9.jar

Description: Batik SVG microsyntax parser

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-parser\1.9\1f57aca8fc9f47431bf637a34097e3797458a211\batik-parser-1.9.jar
MD5: 466131d33a88dbc33e6749d48ce67d9d
SHA1: 1f57aca8fc9f47431bf637a34097e3797458a211
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

batik-util-1.9.jar

Description: Batik utility library

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-util\1.9\c96247c6b0b4909b0a515577f67622e9190b8f8\batik-util-1.9.jar
MD5: eef37ed42ae3361265182ad91ef0ed93
SHA1: 0c96247c6b0b4909b0a515577f67622e9190b8f8
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

xml-apis-1.3.04.jar

Description: xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun.

File Path: Z:\Gradle\caches\modules-2\files-2.1\xml-apis\xml-apis\1.3.04\90b215f48fe42776c8c7f6e3509ec54e84fd65ef\xml-apis-1.3.04.jar
MD5: 9ae9c29e4497fc35a3eade1e6dd0bbeb
SHA1: 90b215f48fe42776c8c7f6e3509ec54e84fd65ef
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • compile

Identifiers

xml-apis-ext-1.3.04.jar

Description: xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun.

File Path: Z:\Gradle\caches\modules-2\files-2.1\xml-apis\xml-apis-ext\1.3.04\41a8b86b358e87f3f13cf46069721719105aff66\xml-apis-ext-1.3.04.jar
MD5: bcb07d3b8d2397db7a3013b6465d347b
SHA1: 41a8b86b358e87f3f13cf46069721719105aff66
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

batik-anim-1.9.jar

Description: Batik animation engine

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-anim\1.9\bf5a87c6647e4b0c454facc0278c64f4199717fc\batik-anim-1.9.jar
MD5: 3506913fc472df9efa371e932a70c8ef
SHA1: bf5a87c6647e4b0c454facc0278c64f4199717fc
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

batik-script-1.9.jar

Description: Batik script language support

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-script\1.9\4476562c724df213cd44d4ee292e1438d04cb7a7\batik-script-1.9.jar
MD5: a2290d86577d3d2fdeb7ac2f43a5d423
SHA1: 4476562c724df213cd44d4ee292e1438d04cb7a7
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

batik-xml-1.9.jar

Description: Batik XML utilities

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-xml\1.9\ea56fceb9d20e5edf416651135e027fc8fbdb45f\batik-xml-1.9.jar
MD5: 084059f1d06d477dd35b59193a7ec4cf
SHA1: ea56fceb9d20e5edf416651135e027fc8fbdb45f
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

xalan-2.7.2.jar

Description:  Xalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. It implements XSL Transformations (XSLT) Version 1.0 and XML Path Language (XPath) Version 1.0 and can be used from the command line, in an applet or a servlet, or as a module in other program.

File Path: Z:\Gradle\caches\modules-2\files-2.1\xalan\xalan\2.7.2\d55d3f02a56ec4c25695fe67e1334ff8c2ecea23\xalan-2.7.2.jar
MD5: 6aa6607802502c8016b676f25f8e4873
SHA1: d55d3f02a56ec4c25695fe67e1334ff8c2ecea23
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • maven: xalan:xalan:2.7.2 (Confidence: Highest)
  • cpe: cpe:/a:apache:xalan-java:2.7.2 (Confidence: Low)

batik-svggen-1.9.jar

Description: Batik Java2D SVG generator

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-svggen\1.9\2c401640b2006df659df1fd21888c7b8c3d3ecec\batik-svggen-1.9.jar
MD5: e906d73f52349a526a602bfbf2459335
SHA1: 2c401640b2006df659df1fd21888c7b8c3d3ecec
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

ws-commons-util-1.0.2.jar

Description:  This is a small collection of utility classes, that allow high performance XML processing based on SAX. Basically, it is assumed, that you are using an JAXP 1.1 compliant XML parser and nothing else. In particular, no dependency on the javax.xml.transform package is introduced.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ws.commons.util\ws-commons-util\1.0.2\3f478e6def772c19d1053f61198fa1f6a6119238\ws-commons-util-1.0.2.jar
MD5: e0d2efe441e2dec803c7749c10725f61
SHA1: 3f478e6def772c19d1053f61198fa1f6a6119238
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

nekohtml-1.9.16.jar

Description: An HTML parser and tag balancer.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\net.sourceforge.nekohtml\nekohtml\1.9.16\61e35204e5a8fdb864152f84e2e3b33ab56f50ab\nekohtml-1.9.16.jar
MD5: 30f85f202157f9967edf39bed7df5fbb
SHA1: 61e35204e5a8fdb864152f84e2e3b33ab56f50ab
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

commons-httpclient-3.1.jar

Description: The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.

License:

Apache License: http://www.apache.org/licenses/LICENSE-2.0
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-httpclient\commons-httpclient\3.1\964cd74171f427720480efdec40a7c7f6e58426a\commons-httpclient-3.1.jar
MD5: 8ad8c9229ef2d59ab9f59f7050e846a5
SHA1: 964cd74171f427720480efdec40a7c7f6e58426a
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • cpe: cpe:/a:apache:httpclient:3.1 (Confidence: Low)
  • cpe: cpe:/a:apache:commons-httpclient:3.1 (Confidence: Low)
  • maven: commons-httpclient:commons-httpclient:3.1 (Confidence: Highest)

CVE-2012-6153  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783.

Vulnerable Software & Versions:

CVE-2014-3577  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.

Vulnerable Software & Versions:

CVE-2015-5262  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.

Vulnerable Software & Versions:

axis-1.4.jar

Description:  An implementation of the SOAP ("Simple Object Access Protocol") submission to W3C.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.axis\axis\1.4\94a9ce681a42d0352b3ad22659f67835e560d107\axis-1.4.jar
MD5: 03dcfdd88502505cc5a805a128bfdd8d
SHA1: 94a9ce681a42d0352b3ad22659f67835e560d107
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2012-5784  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Vulnerable Software & Versions:

CVE-2014-3596  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.

Vulnerable Software & Versions:

commons-discovery-0.5.jar

Description: The Apache Commons Discovery component is about discovering, or finding, implementations for pluggable interfaces.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-discovery\commons-discovery\0.5\3a8ac816bbe02d2f88523ef22cbf2c4abd71d6a8\commons-discovery-0.5.jar
MD5: b35120680c3a22cec7a037fce196cd97
SHA1: 3a8ac816bbe02d2f88523ef22cbf2c4abd71d6a8
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.birt.runtime-4.4.1.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.birt.runtime\4.4.1\d7f5495359184868842e469c1929109a0f69d87a\org.eclipse.birt.runtime-4.4.1.jar
MD5: bf28ed4bebc04a32e84e8982d80fa9fd
SHA1: d7f5495359184868842e469c1929109a0f69d87a
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

tomcat-embed-core-8.5.23.jar

Description: Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat.embed\tomcat-embed-core\8.5.23\79261793a47f507890ee08f749b9d81774e4f7f0\tomcat-embed-core-8.5.23.jar
MD5: ae9430c1a4fc4d0d8eee4f33f2f4da00
SHA1: 79261793a47f507890ee08f749b9d81774e4f7f0
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

person-directory-impl-1.5.0-RC5.jar

Description: Provides implementations of the Person Directory API that have the capability of aggregating attributes from multiple data sources into a single view.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jasig.service\person-directory-impl\1.5.0-RC5\512831d6195409f9de30bcd06e1a3ce31fc4304f\person-directory-impl-1.5.0-RC5.jar
MD5: 05082275b6865cad22812017040483e2
SHA1: 512831d6195409f9de30bcd06e1a3ce31fc4304f
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jdom-1.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\jdom\jdom\1.0\a2ac1cd690ab4c80defe7f9bce14d35934c35cec\jdom-1.0.jar
MD5: 0b8f97de82fc9529b1028a77125ce4f8
SHA1: a2ac1cd690ab4c80defe7f9bce14d35934c35cec
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

spring-orm-2.5.6.SEC01.jar

Description: Spring Framework: ORM

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-orm\2.5.6.SEC01\255bd5a5d6d456792bb928e1cced60755f1fe513\spring-orm-2.5.6.SEC01.jar
MD5: cfb974095eb2430ba94a1137a4ee2313
SHA1: 255bd5a5d6d456792bb928e1cced60755f1fe513
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • cpe: cpe:/a:springsource:spring_framework:2.5.6.sec01 (Confidence: Low)
  • cpe: cpe:/a:pivotal:spring_framework:2.5.6.sec01 (Confidence: Low)
  • cpe: cpe:/a:pivotal_software:spring_framework:2.5.6.sec01 (Confidence: Low)
  • cpe: cpe:/a:vmware:springsource_spring_framework:2.5.6.sec01 (Confidence: Low)
  • maven: org.springframework:spring-orm:2.5.6.SEC01 (Confidence: Highest)

CVE-2011-2730  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-16 Configuration

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."

Vulnerable Software & Versions:

CVE-2013-4152  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2013-6429  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

Vulnerable Software & Versions:

CVE-2013-7315  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.

Vulnerable Software & Versions:

CVE-2014-0054  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.

Vulnerable Software & Versions:

CVE-2014-1904  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.

Vulnerable Software & Versions:

CVE-2016-9878  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Vulnerable Software & Versions:

spring-jdbc-2.5.6.SEC01.jar

Description: Spring Framework: JDBC

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-jdbc\2.5.6.SEC01\74f28b32f9678dd3093643a268af767ddfcc337d\spring-jdbc-2.5.6.SEC01.jar
MD5: c07e1949e888106ff976e0d8f3d2d594
SHA1: 74f28b32f9678dd3093643a268af767ddfcc337d
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • cpe: cpe:/a:springsource:spring_framework:2.5.6.sec01 (Confidence: Low)
  • cpe: cpe:/a:pivotal:spring_framework:2.5.6.sec01 (Confidence: Low)
  • maven: org.springframework:spring-jdbc:2.5.6.SEC01 (Confidence: Highest)
  • cpe: cpe:/a:pivotal_software:spring_framework:2.5.6.sec01 (Confidence: Low)
  • cpe: cpe:/a:vmware:springsource_spring_framework:2.5.6.sec01 (Confidence: Low)

CVE-2011-2730  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-16 Configuration

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."

Vulnerable Software & Versions:

CVE-2013-4152  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2013-6429  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

Vulnerable Software & Versions:

CVE-2013-7315  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.

Vulnerable Software & Versions:

CVE-2014-0054  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.

Vulnerable Software & Versions:

CVE-2014-1904  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.

Vulnerable Software & Versions:

CVE-2016-9878  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Vulnerable Software & Versions:

spring-webmvc-2.5.6.SEC01.jar

Description: Spring Framework: Web MVC

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-webmvc\2.5.6.SEC01\1a48edcf8dcfc76882c821931eb0529db9af5d9b\spring-webmvc-2.5.6.SEC01.jar
MD5: 843c40ce4f66dc53e6fa635aff914933
SHA1: 1a48edcf8dcfc76882c821931eb0529db9af5d9b
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • cpe: cpe:/a:springsource:spring_framework:2.5.6.sec01 (Confidence: Low)
  • maven: org.springframework:spring-webmvc:2.5.6.SEC01 (Confidence: Highest)
  • cpe: cpe:/a:pivotal:spring_framework:2.5.6.sec01 (Confidence: Low)
  • cpe: cpe:/a:pivotal_software:spring_framework:2.5.6.sec01 (Confidence: Low)
  • cpe: cpe:/a:vmware:springsource_spring_framework:2.5.6.sec01 (Confidence: Low)

CVE-2011-2730  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-16 Configuration

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."

Vulnerable Software & Versions:

CVE-2013-4152  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2013-6429  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

Vulnerable Software & Versions:

CVE-2013-7315  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.

Vulnerable Software & Versions:

CVE-2014-0054  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.

Vulnerable Software & Versions:

CVE-2014-1904  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.

Vulnerable Software & Versions:

CVE-2016-9878  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Vulnerable Software & Versions:

hibernate-annotations-3.3.1.GA.jar

Description: Annotations metadata for Hibernate

License:

GNU LESSER GENERAL PUBLIC LICENSE: http://www.gnu.org/licenses/lgpl.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.hibernate\hibernate-annotations\3.3.1.GA\2083b277c76037253189d17e68ba86d2da478440\hibernate-annotations-3.3.1.GA.jar
MD5: ac93aaf6dad9f72e1ca73eb4069b4cd0
SHA1: 2083b277c76037253189d17e68ba86d2da478440
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

xmlsec-1.4.3.jar

Description:  Apache XML Security supports XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002, and XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002. As of version 1.4, the Java library supports the standard Java API JSR-105: XML Digital Signature APIs.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.santuario\xmlsec\1.4.3\22629b7c6b25352c25be97d0839460fef58ec533\xmlsec-1.4.3.jar
MD5: 16a2d033196888c83e06ac9dda7f88de
SHA1: 22629b7c6b25352c25be97d0839460fef58ec533
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2013-4517  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.

Vulnerable Software & Versions:

opensaml-1.1b.jar

Description:  The OpenSAML-J library provides tools to support developers working with the Security Assertion Markup Language (SAML).

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.opensaml\opensaml\1.1b\21ec22368b6baa211a29887e162aa4cf9a8f3c60\opensaml-1.1b.jar
MD5: b540669844849b8d8fad3336edf41dca
SHA1: 21ec22368b6baa211a29887e162aa4cf9a8f3c60
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2013-6440  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.

Vulnerable Software & Versions:

persistence-api-1.0.jar

Description:  The Enterprise JavaBeans architecture is a component architecture for the development and deployment of component-based business applications. The purpose of Enterprise JavaBeans (EJB) 3.0 is to improve the EJB architecture by reducing its complexity from the developer's point of view.

License:

Common Development and Distribution License (CDDL) v1.0: http://www.sun.com/cddl/cddl.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.persistence\persistence-api\1.0\5725f57873e05e068803e2bf9d5a8ea3740ffec5\persistence-api-1.0.jar
MD5: aeb56ad8210370d0cd5c0e995eb0d16c
SHA1: 5725f57873e05e068803e2bf9d5a8ea3740ffec5
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

xmldsig-1.0.jar

License:

hynnet.com: http://www.hynnet.com/licenses/LICENSE-1.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.xml\xmldsig\1.0\9312ad67022b4dec8df8689d0b7dbac9cd612525\xmldsig-1.0.jar
MD5: 563644fef6e9f3c8c5d78b84b4a5b95a
SHA1: 9312ad67022b4dec8df8689d0b7dbac9cd612525
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2014-8137  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.

Vulnerable Software & Versions:

CVE-2014-8157  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-189 Numeric Errors

Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.

Vulnerable Software & Versions:

CVE-2014-8158  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.

Vulnerable Software & Versions:

CVE-2014-9029  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-189 Numeric Errors

Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.

Vulnerable Software & Versions:

CVE-2015-5221  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-416 Use After Free

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

Vulnerable Software & Versions:

CVE-2016-10248  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-476 NULL Pointer Dereference

The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.

Vulnerable Software & Versions:

CVE-2016-10249  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-190 Integer Overflow or Wraparound

Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.

Vulnerable Software & Versions:

CVE-2016-10250  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-476 NULL Pointer Dereference

The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.

Vulnerable Software & Versions:

CVE-2016-10251  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-190 Integer Overflow or Wraparound

Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.

Vulnerable Software & Versions:

CVE-2016-1577  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.

Vulnerable Software & Versions:

CVE-2016-2116  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.

Vulnerable Software & Versions:

CVE-2016-8690  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-476 NULL Pointer Dereference

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.

Vulnerable Software & Versions:

CVE-2016-8691  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-369 Divide By Zero

The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.

Vulnerable Software & Versions:

CVE-2016-8692  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-369 Divide By Zero

The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.

Vulnerable Software & Versions:

CVE-2016-8693  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-415 Double Free

Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.

Vulnerable Software & Versions:

CVE-2016-8882  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-476 NULL Pointer Dereference

The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.

Vulnerable Software & Versions:

CVE-2016-8883  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

Vulnerable Software & Versions:

CVE-2016-8885  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-476 NULL Pointer Dereference

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.

Vulnerable Software & Versions:

CVE-2016-8886  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.

Vulnerable Software & Versions:

CVE-2016-8887  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-476 NULL Pointer Dereference

The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).

Vulnerable Software & Versions:

CVE-2016-9262  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-190 Integer Overflow or Wraparound

Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.

Vulnerable Software & Versions:

CVE-2016-9387  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-190 Integer Overflow or Wraparound

Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.

Vulnerable Software & Versions:

CVE-2016-9389  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).

Vulnerable Software & Versions:

CVE-2016-9390  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.

Vulnerable Software & Versions:

CVE-2016-9391  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.

Vulnerable Software & Versions:

CVE-2016-9392  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

Vulnerable Software & Versions:

CVE-2016-9394  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

Vulnerable Software & Versions:

CVE-2016-9395  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

Vulnerable Software & Versions:

CVE-2016-9396  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.

Vulnerable Software & Versions:

CVE-2016-9398  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

Vulnerable Software & Versions:

CVE-2016-9557  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-190 Integer Overflow or Wraparound

Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.

Vulnerable Software & Versions:

CVE-2016-9560  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.

Vulnerable Software & Versions:

CVE-2017-6850  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-476 NULL Pointer Dereference

The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.

Vulnerable Software & Versions:

CVE-2017-6851  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-125 Out-of-bounds Read

The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image.

Vulnerable Software & Versions:

CVE-2017-6852  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.

Vulnerable Software & Versions:

inspektr-core-0.7.0.jar

Description: Inspektr Core

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.inspektr\inspektr-core\0.7.0\1d6851b0970de19593e8cdcbf7e593ca5c2db324\inspektr-core-0.7.0.jar
MD5: 36528ac75d74ab43a13aad6055146d60
SHA1: 1d6851b0970de19593e8cdcbf7e593ca5c2db324
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • maven: org.inspektr:inspektr-core:0.7.0   Confidence:Highest

spring-webflow-1.0.6.jar

Description: Spring Web Flow

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-webflow\1.0.6\73a9cef54005fe7c23947f13300eb0e0bf0f265a\spring-webflow-1.0.6.jar
MD5: 29723d7337b93020528ced714cf7a364
SHA1: 73a9cef54005fe7c23947f13300eb0e0bf0f265a
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • cpe: cpe:/a:pivotal:spring_framework:1.0.6   Confidence:Low   
  • cpe: cpe:/a:vmware:springsource_spring_framework:1.0.6   Confidence:Low   
  • cpe: cpe:/a:pivotal:spring_web_flow:1.0.6   Confidence:Low   
  • cpe: cpe:/a:pivotal_software:spring_framework:1.0.6   Confidence:Low   
  • cpe: cpe:/a:springsource:spring_framework:1.0.6   Confidence:Low   
  • maven: org.springframework:spring-webflow:1.0.6    Confidence:Highest

CVE-2011-2730  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-16 Configuration

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."

Vulnerable Software & Versions:

CVE-2013-4152  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2013-6429  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

Vulnerable Software & Versions:

CVE-2013-7315  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.

Vulnerable Software & Versions:

CVE-2014-0054  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.

Vulnerable Software & Versions:

CVE-2014-1904  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.

Vulnerable Software & Versions:

CVE-2016-9878  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Vulnerable Software & Versions:

lucene-queries-7.1.0.jar

Description: Lucene Queries Module

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-queries\7.1.0\1554920ab207a3245fa408d022a5c90ad3a1fea3\lucene-queries-7.1.0.jar
MD5: 72bc3196047a59b33785440b03d43d74
SHA1: 1554920ab207a3245fa408d022a5c90ad3a1fea3
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

lucene-sandbox-7.1.0.jar

Description: Lucene Sandbox

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-sandbox\7.1.0\691f7b9ac05f3ad2ac7e80733ef70247904bd3ae\lucene-sandbox-7.1.0.jar
MD5: f20f2a24fb341e881da0fe6476e5d5f6
SHA1: 691f7b9ac05f3ad2ac7e80733ef70247904bd3ae
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

xmlbeans-2.6.0.jar

Description: XmlBeans main jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlbeans\xmlbeans\2.6.0\29e80d2dd51f9dcdef8f9ffaee0d4dc1c9bbfc87\xmlbeans-2.6.0.jar
MD5: 6591c08682d613194dacb01e95c78c2c
SHA1: 29e80d2dd51f9dcdef8f9ffaee0d4dc1c9bbfc87
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

lucene-analyzers-kuromoji-7.1.0.jar

Description:  Lucene Kuromoji Japanese Morphological Analyzer

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-analyzers-kuromoji\7.1.0\a2ca81efc31d857fa2ade104dcdb3fed20c95ea0\lucene-analyzers-kuromoji-7.1.0.jar
MD5: 0075b59c0abdda7ed1469f2e584a951a
SHA1: a2ca81efc31d857fa2ade104dcdb3fed20c95ea0
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

lucene-analyzers-phonetic-7.1.0.jar

Description:  Provides phonetic encoding via Commons Codec.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-analyzers-phonetic\7.1.0\42058220ada77c4c5340e8383f62a4398e10a8ce\lucene-analyzers-phonetic-7.1.0.jar
MD5: 24547f636c3636bfcb23ff6c948e7fd9
SHA1: 42058220ada77c4c5340e8383f62a4398e10a8ce
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

lucene-backward-codecs-7.1.0.jar

Description:  Codecs for older versions of Lucene.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-backward-codecs\7.1.0\804a7ce82bba3d085733486bfde4846ecb77ce01\lucene-backward-codecs-7.1.0.jar
MD5: bc35ee793edb587b4c88709785163377
SHA1: 804a7ce82bba3d085733486bfde4846ecb77ce01
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

lucene-classification-7.1.0.jar

Description: Lucene Classification

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-classification\7.1.0\900b0195bb95adb773a23e87319bbfe41d312283\lucene-classification-7.1.0.jar
MD5: 59b570055252ddd34df2c75995fa2ba0
SHA1: 900b0195bb95adb773a23e87319bbfe41d312283
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

lucene-codecs-7.1.0.jar

Description:  Codecs and postings formats for Apache Lucene.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-codecs\7.1.0\b487621541f5a17946cf1ed634e5f48c802c6d28\lucene-codecs-7.1.0.jar
MD5: 3a38b7059f76048a180c1ee1206494ba
SHA1: b487621541f5a17946cf1ed634e5f48c802c6d28
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

lucene-expressions-7.1.0.jar

Description:  Dynamically computed values to sort/facet/search on based on a pluggable grammar.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-expressions\7.1.0\714927eb1d1db641bff9aa658e7e112c368f3e6d\lucene-expressions-7.1.0.jar
MD5: 53770687f1ea2a2d9ac426cb764bbdda
SHA1: 714927eb1d1db641bff9aa658e7e112c368f3e6d
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

lucene-grouping-7.1.0.jar

Description: Lucene Grouping Module

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-grouping\7.1.0\732d16c16421fca058a2a07ca4081ec7696365b\lucene-grouping-7.1.0.jar
MD5: c123dcc588610ac2eaab205c97ddecf0
SHA1: 0732d16c16421fca058a2a07ca4081ec7696365b
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

lucene-highlighter-7.1.0.jar

Description:  This is the highlighter for apache lucene java

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-highlighter\7.1.0\596550daabae765ad685112e0fe7c4f0fdfccb3f\lucene-highlighter-7.1.0.jar
MD5: 1c120c9eef825b5361a17ecc5762de84
SHA1: 596550daabae765ad685112e0fe7c4f0fdfccb3f
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

lucene-join-7.1.0.jar

Description: Lucene Join Module

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-join\7.1.0\5f26dd64c195258a81175772ef7fe105e7d60a26\lucene-join-7.1.0.jar
MD5: 1ba5daa56d970332cb818c825edf0615
SHA1: 5f26dd64c195258a81175772ef7fe105e7d60a26
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

lucene-memory-7.1.0.jar

Description:  High-performance single-document index to compare against Query

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-memory\7.1.0\3ef64c58d0c09ca40d848efa96b585b7476271f2\lucene-memory-7.1.0.jar
MD5: de862f74bb125a6fb87f5b45a6774b45
SHA1: 3ef64c58d0c09ca40d848efa96b585b7476271f2
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

lucene-misc-7.1.0.jar

Description: Miscellaneous Lucene extensions

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-misc\7.1.0\1496ee5fa62206ee5ddf51042a340d6a9ee3b5de\lucene-misc-7.1.0.jar
MD5: 6e21bc419fdcec2e1f4ef5ad4b1010e0
SHA1: 1496ee5fa62206ee5ddf51042a340d6a9ee3b5de
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

lucene-spatial-extras-7.1.0.jar

Description:  Advanced Spatial Shape Strategies for Apache Lucene

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-spatial-extras\7.1.0\3f1bc1aada8f06b176b782da24b9d7ad9641c41a\lucene-spatial-extras-7.1.0.jar
MD5: 2963d683f65675c64dc53d2c7879cd9e
SHA1: 3f1bc1aada8f06b176b782da24b9d7ad9641c41a
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

lucene-spatial3d-7.1.0.jar

Description:  Lucene Spatial shapes implemented using 3D planar geometry

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-spatial3d\7.1.0\8ded650aed23efb775f17be496e3e3870214e23b\lucene-spatial3d-7.1.0.jar
MD5: 7099b53ac62fef4abc98897b2a2432ac
SHA1: 8ded650aed23efb775f17be496e3e3870214e23b
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

lucene-suggest-7.1.0.jar

Description: Lucene Suggest Module

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-suggest\7.1.0\8d0ed1589ebdccf34e888c6efc0134a13a238c85\lucene-suggest-7.1.0.jar
MD5: f7c96c4ef1a88527c188e3c064c8e34d
SHA1: 8d0ed1589ebdccf34e888c6efc0134a13a238c85
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

solr-solrj-7.1.0.jar

Description: Apache Solr Solrj

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.solr\solr-solrj\7.1.0\c5bf57d39ca250daba668720e38abec2caab3569\solr-solrj-7.1.0.jar
MD5: 8dbb997db36ccfe1fc4ec278d4350fac
SHA1: c5bf57d39ca250daba668720e38abec2caab3569
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

hppc-0.7.1.jar

Description: High Performance Primitive Collections. Fundamental data structures (maps, sets, lists, stacks, queues) generated for combinations of object and primitive types to conserve JVM memory and speed up execution.

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.carrotsearch\hppc\0.7.1\8b5057f74ea378c0150a1860874a3ebdcb713767\hppc-0.7.1.jar
MD5: 2ff89be5b49144c330190cf7137c3a26
SHA1: 8b5057f74ea378c0150a1860874a3ebdcb713767
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jackson-dataformat-smile-2.5.4.jar

Description: Support for reading and writing Smile ("binary JSON") encoded data using Jackson abstractions (streaming API, data binding, tree model)

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.fasterxml.jackson.dataformat\jackson-dataformat-smile\2.5.4\db0c5f1b6e16cb5f5e0505abfcd4b36f3e8bfdc6\jackson-dataformat-smile-2.5.4.jar
MD5: a3868ca8efddfec575b139f574e21dc2
SHA1: db0c5f1b6e16cb5f5e0505abfcd4b36f3e8bfdc6
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

caffeine-2.4.0.jar

Description: A high performance caching library for Java 8+

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.github.ben-manes.caffeine\caffeine\2.4.0\5aa8bbb851b1ad403cc140094ba4a25998369efe\caffeine-2.4.0.jar
MD5: 88d83922414143f7c3c1d12b83ca4d7b
SHA1: 5aa8bbb851b1ad403cc140094ba4a25998369efe
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

t-digest-3.1.jar

Description: Data structure which allows accurate estimation of quantiles and related rank statistics

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.tdunning\t-digest\3.1\451ed219688aed5821a789428fd5e10426d11312\t-digest-3.1.jar
MD5: ba0c00142170b71bd3ae17d2d7e4e38b
SHA1: 451ed219688aed5821a789428fd5e10426d11312
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

dom4j-1.6.1.jar

Description: dom4j: the flexible XML framework for Java

File Path: Z:\Gradle\caches\modules-2\files-2.1\dom4j\dom4j\1.6.1\5d3ccc056b6f056dbf0dddfdf43894b9065a8f94\dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

gmetric4j-1.0.7.jar

Description: JVM instrumentation to Ganglia

License:

The MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\info.ganglia.gmetric4j\gmetric4j\1.0.7\37a1cb0d8821cad9bd33f1ce454459fed18efa44\gmetric4j-1.0.7.jar
MD5: ae36017546569c0312ba11f7b8c369c3
SHA1: 37a1cb0d8821cad9bd33f1ce454459fed18efa44
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

metrics-core-3.2.2.jar

Description:  Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment.

License:

http://www.apache.org/licenses/LICENSE-2.0.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\io.dropwizard.metrics\metrics-core\3.2.2\cd9886f498ee2ab2d994f0c779e5553b2c450416\metrics-core-3.2.2.jar
MD5: da529999d5083e800829eaab432a8a54
SHA1: cd9886f498ee2ab2d994f0c779e5553b2c450416
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

metrics-ganglia-3.2.2.jar

Description:  A reporter for Metrics which announces measurements to a Ganglia cluster.

License:

http://www.apache.org/licenses/LICENSE-2.0.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\io.dropwizard.metrics\metrics-ganglia\3.2.2\d5bb1883e9b0daf0e4187e558746f5058f4585c1\metrics-ganglia-3.2.2.jar
MD5: 6998771417e4efe002eaa0f82bd939fb
SHA1: d5bb1883e9b0daf0e4187e558746f5058f4585c1
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

metrics-graphite-3.2.2.jar

Description:  A reporter for Metrics which announces measurements to a Graphite server.

License:

http://www.apache.org/licenses/LICENSE-2.0.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\io.dropwizard.metrics\metrics-graphite\3.2.2\908e8cbec1bbdb2f4023334e424c7de2832a95af\metrics-graphite-3.2.2.jar
MD5: ba2f49e74fbfbdbb36045755684f896e
SHA1: 908e8cbec1bbdb2f4023334e424c7de2832a95af
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

metrics-jetty9-3.2.2.jar

Description:  A set of extensions for Jetty 9.1 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization.

License:

http://www.apache.org/licenses/LICENSE-2.0.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\io.dropwizard.metrics\metrics-jetty9\3.2.2\3fc94d99f41dc3f5be5483c81828138104df4449\metrics-jetty9-3.2.2.jar
MD5: 42a436bbd0e679c9e1737ab7bf5dcf75
SHA1: 3fc94d99f41dc3f5be5483c81828138104df4449
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

metrics-jvm-3.2.2.jar

Description:  A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics.

License:

http://www.apache.org/licenses/LICENSE-2.0.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\io.dropwizard.metrics\metrics-jvm\3.2.2\9cbf2030242f7ffb97fae23f8a81421eb8d4ad45\metrics-jvm-3.2.2.jar
MD5: 628535c45f493ea53527258e1ddbfe8b
SHA1: 9cbf2030242f7ffb97fae23f8a81421eb8d4ad45
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

eigenbase-properties-1.1.5.jar

Description: Type-safe access to Java system properties

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\net.hydromatic\eigenbase-properties\1.1.5\a941956b3a4664d0cf728ece06ba25cc2110a3aa\eigenbase-properties-1.1.5.jar
MD5: 74250b1aa57ff13507bf28c09e5299eb
SHA1: a941956b3a4664d0cf728ece06ba25cc2110a3aa
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

antlr4-runtime-4.5.1-1.jar

Description: The ANTLR 4 Runtime

License:

http://www.antlr.org/license.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.antlr\antlr4-runtime\4.5.1-1\66144204f9d6d7d3f3f775622c2dd7e9bd511d97\antlr4-runtime-4.5.1-1.jar
MD5: c57e3c5fd251603e1d815ec1d6fde69b
SHA1: 66144204f9d6d7d3f3f775622c2dd7e9bd511d97
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

calcite-core-1.13.0.jar

Description: Core Calcite APIs and engine.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.calcite\calcite-core\1.13.0\1e7995aa0afe4c27a12e7b320a2938dcf05d9581\calcite-core-1.13.0.jar
MD5: 29b1ddb56d998c4503737088f49074e7
SHA1: 1e7995aa0afe4c27a12e7b320a2938dcf05d9581
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

calcite-linq4j-1.13.0.jar

Description: Calcite APIs for LINQ (Language-Integrated Query) in Java

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.calcite\calcite-linq4j\1.13.0\96c814d27516cf48d439277300252bfb2b00486f\calcite-linq4j-1.13.0.jar
MD5: 6537b031565b9c7f0dea69953f93e0d6
SHA1: 96c814d27516cf48d439277300252bfb2b00486f
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

avatica-core-1.10.0.jar

Description: JDBC driver framework.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.calcite.avatica\avatica-core\1.10.0\82280b09d490c7e4981b5af2d79fcf55efbe6144\avatica-core-1.10.0.jar
MD5: de761b429df2ea4988155ba48fb8c225
SHA1: 82280b09d490c7e4981b5af2d79fcf55efbe6144
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

commons-lang3-3.6.jar

Description:  Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-lang3\3.6\9d28a6b23650e8a7e9063c04588ace6cf7012c17\commons-lang3-3.6.jar
MD5: 5d18f68b5122fd398c118df53ab4cf55
SHA1: 9d28a6b23650e8a7e9063c04588ace6cf7012c17
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

curator-client-2.8.0.jar

Description: Low-level API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.curator\curator-client\2.8.0\84feebaa8526f4984566f6a32f55d7689800acf9\curator-client-2.8.0.jar
MD5: c9092076fe5ede652f89465d6a859dfa
SHA1: 84feebaa8526f4984566f6a32f55d7689800acf9
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

curator-framework-2.8.0.jar

Description: High-level API that greatly simplifies using ZooKeeper.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.curator\curator-framework\2.8.0\f8edc9156084ad19ae50ae5958bf218a08351834\curator-framework-2.8.0.jar
MD5: 1ef0e8c00272ceba66741ee16773c5cd
SHA1: f8edc9156084ad19ae50ae5958bf218a08351834
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2014-0085  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management

Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.

Vulnerable Software & Versions:

CVE-2016-5017  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string.

Vulnerable Software & Versions:

curator-recipes-2.8.0.jar

Description: All of the recipes listed on the ZooKeeper recipes doc (except two phase commit).

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.curator\curator-recipes\2.8.0\c563e25fb37f85a6b029bc9746e75573640474fb\curator-recipes-2.8.0.jar
MD5: d0cda7ac1d3317646df990366d89110b
SHA1: c563e25fb37f85a6b029bc9746e75573640474fb
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2014-0085  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management

Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.

Vulnerable Software & Versions:

CVE-2016-5017  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string.

Vulnerable Software & Versions:

hadoop-annotations-2.7.4.jar

Description: Apache Hadoop Annotations

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.hadoop\hadoop-annotations\2.7.4\d8e0a3abcc3fb46e1418b99d6d1328a95d9bd7b1\hadoop-annotations-2.7.4.jar
MD5: 6fe58898886aebb11e761f75bdc3f237
SHA1: d8e0a3abcc3fb46e1418b99d6d1328a95d9bd7b1
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

hadoop-auth-2.7.4.jar

Description: Apache Hadoop Auth - Java HTTP SPNEGO

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.hadoop\hadoop-auth\2.7.4\a2d5d89a6acfb11dd1a125e86b84fcef549483ae\hadoop-auth-2.7.4.jar
MD5: 13dc9913ede3dfc6d95f3a7c5dffd659
SHA1: a2d5d89a6acfb11dd1a125e86b84fcef549483ae
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

hadoop-common-2.7.4.jar

Description: Apache Hadoop Common

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.hadoop\hadoop-common\2.7.4\9afa8d2004a0bbd930d1ac10d221d927917067be\hadoop-common-2.7.4.jar
MD5: ac17600d1fb51ada7fd2e677ce708005
SHA1: 9afa8d2004a0bbd930d1ac10d221d927917067be
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

hadoop-hdfs-2.7.4.jar

Description: Apache Hadoop HDFS

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.hadoop\hadoop-hdfs\2.7.4\3e1414e3ae47e97f66b2eb904d3ec6c50a3e29d0\hadoop-hdfs-2.7.4.jar
MD5: e18f429b60662b724cad080b834717a3
SHA1: 3e1414e3ae47e97f66b2eb904d3ec6c50a3e29d0
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

htrace-core-3.2.0-incubating.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.htrace\htrace-core\3.2.0-incubating\8797cf3230f01e8724ef27a0ed565dabb6998c64\htrace-core-3.2.0-incubating.jar
MD5: 0b1b1a63aca83a11545de49218a251bf
SHA1: 8797cf3230f01e8724ef27a0ed565dabb6998c64
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

zookeeper-3.4.10.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.zookeeper\zookeeper\3.4.10\8eebdbb7a9df83e02eaa42d0e5da0b57bf2e4da\zookeeper-3.4.10.jar
MD5: 550ce0afeb92ef4a75f194b143e23995
SHA1: 08eebdbb7a9df83e02eaa42d0e5da0b57bf2e4da
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2014-0085  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management

Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.

Vulnerable Software & Versions:

jackson-core-asl-1.9.13.jar

Description: Jackson is a high-performance JSON processor (parser, generator)

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.jackson\jackson-core-asl\1.9.13\3c304d70f42f832e0a86d45bd437f692129299a4\jackson-core-asl-1.9.13.jar
MD5: 319c49a4304e3fa9fe3cd8dcfc009d37
SHA1: 3c304d70f42f832e0a86d45bd437f692129299a4
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jackson-mapper-asl-1.9.13.jar

Description: Data Mapper package is a high-performance data binding package built on Jackson JSON processor

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.jackson\jackson-mapper-asl\1.9.13\1ee2f2bed0e5dd29d1cb155a166e6f8d50bbddb7\jackson-mapper-asl-1.9.13.jar
MD5: 1750f9c339352fc4b728d61b57171613
SHA1: 1ee2f2bed0e5dd29d1cb155a166e6f8d50bbddb7
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

commons-compiler-2.7.6.jar

Description: Janino is a super-small, super-fast Java compiler.

License:

http://dist.codehaus.org/janino/new_bsd_license.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.janino\commons-compiler\2.7.6\b71e76d942b33dfa26e4e3047ff2a774d1f917b4\commons-compiler-2.7.6.jar
MD5: b729cc841ca68ecf82dd8b035196a28a
SHA1: b71e76d942b33dfa26e4e3047ff2a774d1f917b4
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

janino-2.7.6.jar

Description: Janino is a super-small, super-fast Java compiler.

License:

http://dist.codehaus.org/janino/new_bsd_license.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.janino\janino\2.7.6\37fde5de7edd5d7ebe075f03f4c083df2ac73dd8\janino-2.7.6.jar
MD5: 887a4a895315470f4ddf3203ef4cb115
SHA1: 37fde5de7edd5d7ebe075f03f4c083df2ac73dd8
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

stax2-api-3.1.4.jar

Description: Stax2 API is an extension to the basic Stax 1.0 API that adds significant new functionality, such as a full-featured bi-directional validation interface and a high-performance Typed Access API.

License:

The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.woodstox\stax2-api\3.1.4\ac19014b1e6a7c08aad07fe114af792676b685b7\stax2-api-3.1.4.jar
MD5: c08e89de601b0a78f941b2c29db565c3
SHA1: ac19014b1e6a7c08aad07fe114af792676b685b7
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jetty-continuation-9.3.20.v20170531.jar

Description: Asynchronous API

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-continuation\9.3.20.v20170531\176f1ef8366257e7b6214c3bbd710cf47593135\jetty-continuation-9.3.20.v20170531.jar
MD5: 1c28d7cd2ce53efa5987cca2de2130b9
SHA1: 0176f1ef8366257e7b6214c3bbd710cf47593135
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2017-9735  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Software & Versions:

jetty-deploy-9.3.20.v20170531.jar

Description: Jetty deployers

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-deploy\9.3.20.v20170531\160c0cefd2fddacd040c41801f40a5a372a9302c\jetty-deploy-9.3.20.v20170531.jar
MD5: c88b2f7b4325dbd296c476276b99537c
SHA1: 160c0cefd2fddacd040c41801f40a5a372a9302c
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • cpe: cpe:/a:eclipse:jetty:9.3.20.v20170531   Confidence:Low   
  • maven: org.eclipse.jetty:jetty-deploy:9.3.20.v20170531    Confidence:Highest
  • cpe: cpe:/a:jetty:jetty:9.3.20.v20170531   Confidence:Low   

CVE-2017-9735  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Software & Versions:

jetty-http-9.3.20.v20170531.jar

Description: Jetty module for Jetty :: Http Utility

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-http\9.3.20.v20170531\32f5fe22ed468a49df1ffcbb27c39c1b53f261aa\jetty-http-9.3.20.v20170531.jar
MD5: b9ea5e7cd37d187fed052609265f53d0
SHA1: 32f5fe22ed468a49df1ffcbb27c39c1b53f261aa
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • maven: org.eclipse.jetty:jetty-http:9.3.20.v20170531    Confidence:Highest
  • cpe: cpe:/a:eclipse:jetty:9.3.20.v20170531   Confidence:Low   
  • cpe: cpe:/a:jetty:jetty:9.3.20.v20170531   Confidence:Low   

CVE-2017-9735  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Software & Versions:

jetty-io-9.3.20.v20170531.jar

Description: Jetty module for Jetty :: IO Utility

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-io\9.3.20.v20170531\5b68e7761fcacefcf26ad9ab50943db65fda2c3d\jetty-io-9.3.20.v20170531.jar
MD5: b295516e5fed7cc46742a96200bf288c
SHA1: 5b68e7761fcacefcf26ad9ab50943db65fda2c3d
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jetty-jmx-9.3.20.v20170531.jar

Description: JMX management artifact for jetty.

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-jmx\9.3.20.v20170531\4a28dd045b8992752ff7727f25cf9e888e9c8c4c\jetty-jmx-9.3.20.v20170531.jar
MD5: 0eb8be3bd9ec96452cfccb1b3e509fd6
SHA1: 4a28dd045b8992752ff7727f25cf9e888e9c8c4c
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • maven: org.eclipse.jetty:jetty-jmx:9.3.20.v20170531    Confidence:Highest
  • cpe: cpe:/a:eclipse:jetty:9.3.20.v20170531   Confidence:Low   
  • cpe: cpe:/a:jetty:jetty:9.3.20.v20170531   Confidence:Low   

CVE-2017-9735  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Software & Versions:

jetty-rewrite-9.3.20.v20170531.jar

Description: Jetty Rewrite Handler

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-rewrite\9.3.20.v20170531\8fb029863ceb6531ee0e24c59a004f622226217b\jetty-rewrite-9.3.20.v20170531.jar
MD5: 8753b596ebfa613bd71662ec1335febb
SHA1: 8fb029863ceb6531ee0e24c59a004f622226217b
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2017-9735  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Software & Versions:

jetty-security-9.3.20.v20170531.jar

Description: Jetty security infrastructure

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-security\9.3.20.v20170531\9e2ded957c05f447a0611fa64ca4ab5f7cc5aa65\jetty-security-9.3.20.v20170531.jar
MD5: 71ce7271d5f56f87302f4c56a9cd82b1
SHA1: 9e2ded957c05f447a0611fa64ca4ab5f7cc5aa65
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2017-9735  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Software & Versions:

jetty-server-9.3.20.v20170531.jar

Description: The core jetty server artifact.

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-server\9.3.20.v20170531\6a1523d44ebb527eed068a5c8bfd22edd6a20530\jetty-server-9.3.20.v20170531.jar
MD5: 72bf06940de1eff7f1779aacddb956ec
SHA1: 6a1523d44ebb527eed068a5c8bfd22edd6a20530
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • cpe: cpe:/a:eclipse:jetty:9.3.20.v20170531   Confidence:Low   
  • cpe: cpe:/a:jetty:jetty:9.3.20.v20170531   Confidence:Low   
  • maven: org.eclipse.jetty:jetty-server:9.3.20.v20170531    Confidence:Highest

CVE-2017-9735  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Software & Versions:

jetty-servlet-9.3.20.v20170531.jar

Description: Jetty Servlet Container

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-servlet\9.3.20.v20170531\21a698f9d58d03cdf58bf2a40f93de58c2eab138\jetty-servlet-9.3.20.v20170531.jar
MD5: 0c67bc178e97f109a1fa4f550b82d1ff
SHA1: 21a698f9d58d03cdf58bf2a40f93de58c2eab138
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2017-9735  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Software & Versions:

jetty-servlets-9.3.20.v20170531.jar

Description: Utility Servlets from Jetty

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-servlets\9.3.20.v20170531\bb3b1ddc06525eba71c37f51402996502d323a9\jetty-servlets-9.3.20.v20170531.jar
MD5: 4f63a03c7acb7225ed542015a691bc69
SHA1: 0bb3b1ddc06525eba71c37f51402996502d323a9
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2017-9735  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Software & Versions:

jetty-util-9.3.20.v20170531.jar

Description: Utility classes for Jetty

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-util\9.3.20.v20170531\19ce4203809da37f8ea7a5632704fa71b6f0ccc2\jetty-util-9.3.20.v20170531.jar
MD5: 6718dc66c89f29b787298afe5b08a68f
SHA1: 19ce4203809da37f8ea7a5632704fa71b6f0ccc2
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • maven: org.eclipse.jetty:jetty-util:9.3.20.v20170531    Confidence:Highest
  • cpe: cpe:/a:eclipse:jetty:9.3.20.v20170531   Confidence:Low   
  • cpe: cpe:/a:jetty:jetty:9.3.20.v20170531   Confidence:Low   

CVE-2017-9735  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Software & Versions:

jetty-webapp-9.3.20.v20170531.jar

Description: Jetty web application support

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-webapp\9.3.20.v20170531\5b41166ce279c481216501d45c0d0f4f6da23c0b\jetty-webapp-9.3.20.v20170531.jar
MD5: 9003b754b85d1292390339dcf4db140e
SHA1: 5b41166ce279c481216501d45c0d0f4f6da23c0b
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • cpe: cpe:/a:eclipse:jetty:9.3.20.v20170531   Confidence:Low   
  • maven: org.eclipse.jetty:jetty-webapp:9.3.20.v20170531    Confidence:Highest
  • cpe: cpe:/a:jetty:jetty:9.3.20.v20170531   Confidence:Low   

CVE-2017-9735  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Software & Versions:

jetty-xml-9.3.20.v20170531.jar

Description: The jetty xml utilities.

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-xml\9.3.20.v20170531\9f3f158a6a4587c4283561a3a3fc5a187173becf\jetty-xml-9.3.20.v20170531.jar
MD5: d5a8bab27a3ac30cff5e878854844d28
SHA1: 9f3f158a6a4587c4283561a3a3fc5a187173becf
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • cpe: cpe:/a:eclipse:jetty:9.3.20.v20170531   Confidence:Low   
  • cpe: cpe:/a:jetty:jetty:9.3.20.v20170531   Confidence:Low   
  • maven: org.eclipse.jetty:jetty-xml:9.3.20.v20170531    Confidence:Highest

CVE-2017-9735  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Software & Versions:

spatial4j-0.6.jar

Description: Spatial4j is a general purpose spatial / geospatial ASL licensed open-source Java library. Its core capabilities are 3-fold: to provide common geospatially-aware shapes, to provide distance calculations and other math, and to read shape formats like WKT and GeoJSON.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.locationtech.spatial4j\spatial4j\0.6\21b15310bddcfd8c72611c180f20cf23279809a3\spatial4j-0.6.jar
MD5: baaffe1b4800337f0856c6160c255c35
SHA1: 21b15310bddcfd8c72611c180f20cf23279809a3
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

noggit-0.8.jar

Description: Noggit is the world's fastest streaming JSON parser for Java.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.noggit\noggit\0.8\ba4ad65a62d7dfcf97a8d42c82ae7d8824f9087f\noggit-0.8.jar
MD5: 6856f2ceab2dd7128595e4659d22d581
SHA1: ba4ad65a62d7dfcf97a8d42c82ae7d8824f9087f
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

asm-commons-5.1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.ow2.asm\asm-commons\5.1\25d8a575034dd9cfcb375a39b5334f0ba9c8474e\asm-commons-5.1.jar
MD5: 38839fb32c40f7f70986e9c282de0018
SHA1: 25d8a575034dd9cfcb375a39b5334f0ba9c8474e
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.restlet-2.3.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.restlet.jee\org.restlet\2.3.0\4c5d184e23fa729726668a90dc7338d80c4e7e6f\org.restlet-2.3.0.jar
MD5: 33a94f74de95421b4938dfecb0029ab1
SHA1: 4c5d184e23fa729726668a90dc7338d80c4e7e6f
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • maven: org.restlet.jee:org.restlet:2.3.0   Confidence:Highest
  • cpe: cpe:/a:restlet:restlet_framework:2.3.0   Confidence:Low   
  • cpe: cpe:/a:restlet:restlet:2.3.0   Confidence:Low   

org.restlet.ext.servlet-2.3.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.restlet.jee\org.restlet.ext.servlet\2.3.0\9303e20d0397c0304342943560c3a1693fd7ce7d\org.restlet.ext.servlet-2.3.0.jar
MD5: e81ab1a31fdd07ac02c576086201b2da
SHA1: 9303e20d0397c0304342943560c3a1693fd7ce7d
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • cpe: cpe:/a:restlet:restlet_framework:2.3.0   Confidence:Low   
  • cpe: cpe:/a:restlet:restlet:2.3.0   Confidence:Low   
  • maven: org.restlet.jee:org.restlet.ext.servlet:2.3.0   Confidence:Highest

maven-scm-api-1.4.jar

Description: The SCM API provides mechanisms to manage all SCM tools.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.maven.scm\maven-scm-api\1.4\e294693ce217bd6f470b728127854e6ca787fd29\maven-scm-api-1.4.jar
MD5: bc840a6620ec3d3c56ce58b10076cef4
SHA1: e294693ce217bd6f470b728127854e6ca787fd29
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

maven-scm-provider-svnexe-1.4.jar

Description: Executable library for SCM SVN Provider.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.maven.scm\maven-scm-provider-svnexe\1.4\b3213b40157b701ba079b738baac391e41418c18\maven-scm-provider-svnexe-1.4.jar
MD5: 6624c9c3324f88619205c2b8c60e583b
SHA1: b3213b40157b701ba079b738baac391e41418c18
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

javax.ws.rs-api-2.0.1.jar

Description: Java API for RESTful Web Services (JAX-RS)

License:

CDDL 1.1: http://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.ws.rs\javax.ws.rs-api\2.0.1\104e9c2b5583cfcfeac0402316221648d6d8ea6b\javax.ws.rs-api-2.0.1.jar
MD5: edcd111cf4d3ba8ac8e1f326efc37a17
SHA1: 104e9c2b5583cfcfeac0402316221648d6d8ea6b
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • cpe: cpe:/a:restful_web_services_project:restful_web_services:2.0.1   Confidence:Low   
  • maven: javax.ws.rs:javax.ws.rs-api:2.0.1    Confidence:Highest
  • cpe: cpe:/a:restful_project:restful:2.0.1   Confidence:Low   

javax.annotation-api-1.2.jar

Description: Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.annotation\javax.annotation-api\1.2\479c1e06db31c432330183f5cae684163f186146\javax.annotation-api-1.2.jar
MD5: 75fe320d2b3763bd6883ae1ede35e987
SHA1: 479c1e06db31c432330183f5cae684163f186146
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

c3p0-0.9.1.1.jar

Description: c3p0 is an easy-to-use library for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension.

License:

GNU LESSER GENERAL PUBLIC LICENSE: http://www.gnu.org/licenses/lgpl.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\c3p0\c3p0\0.9.1.1\302704f30c6e7abb7a0457f7771739e03c973e80\c3p0-0.9.1.1.jar
MD5: 640c58226e7bb6beacc8ac3f6bb533d1
SHA1: 302704f30c6e7abb7a0457f7771739e03c973e80
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

batik-constants-1.9.jar

Description: Batik constants library

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-constants\1.9\24cae622672dedddd18951b193a83c12bfe33241\batik-constants-1.9.jar
MD5: 7df1523bd6e051d785cff2b8c7ef1d8f
SHA1: 24cae622672dedddd18951b193a83c12bfe33241
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

batik-i18n-1.9.jar

Description: Batik i18n library

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-i18n\1.9\c83bf01767ec26ad24df7277d2dc845c3f4fe0f2\batik-i18n-1.9.jar
MD5: b041c490132ce981ebaf9d037c57f531
SHA1: c83bf01767ec26ad24df7277d2dc845c3f4fe0f2
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.core.expressions-3.4.500.v20130515-1343.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.core.expressions\3.4.500.v20130515-1343\97cc20cce87af191fc620562ab74b1cde95947fd\org.eclipse.core.expressions-3.4.500.v20130515-1343.jar
MD5: 20da519a750933fa70944f49f2cc8ffd
SHA1: 97cc20cce87af191fc620562ab74b1cde95947fd
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.emf.ecore.xmi-2.10.1.v20140901-1043.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.emf.ecore.xmi\2.10.1.v20140901-1043\2a524cbae6c0ad0410c89270eb928ad90f75c95e\org.eclipse.emf.ecore.xmi-2.10.1.v20140901-1043.jar
MD5: 47a6f6ebfb8ae5ed9c82360f8d670683
SHA1: 2a524cbae6c0ad0410c89270eb928ad90f75c95e
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.datatools.connectivity.oda.design-3.3.6.v201212070447.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.oda.design\3.3.6.v201212070447\bce1829458bb7c58200cb72c045d48e82702d0a8\org.eclipse.datatools.connectivity.oda.design-3.3.6.v201212070447.jar
MD5: adda38edf0bc609098de5f74d24de2e3
SHA1: bce1829458bb7c58200cb72c045d48e82702d0a8
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.datatools.enablement.oda.xml-1.2.5.v201305031101.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.oda.xml\1.2.5.v201305031101\b5be50518c251d4c022959aeb6f871d6fea33fcc\org.eclipse.datatools.enablement.oda.xml-1.2.5.v201305031101.jar
MD5: 58849f828c50fff8ef3e9be4ac636508
SHA1: b5be50518c251d4c022959aeb6f871d6fea33fcc
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.eclipse.datatools.enablement.oda.ws-1.2.6.v201403131825.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.oda.ws\1.2.6.v201403131825\cc7814580f2fb5890c54681fec0f98b3e1386b51\org.eclipse.datatools.enablement.oda.ws-1.2.6.v201403131825.jar
MD5: f38bc06778ddbd8297a522d6907f780b
SHA1: cc7814580f2fb5890c54681fec0f98b3e1386b51
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.eclipse.core.runtime-3.9.0.v20130326-1255.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.core.runtime\3.9.0.v20130326-1255\47eedfa6e872020604db4b2e1949aa6ca273ac6a\org.eclipse.core.runtime-3.9.0.v20130326-1255.jar
MD5: 0dde7c81b2e6278cdd4a4b4821a54419
SHA1: 47eedfa6e872020604db4b2e1949aa6ca273ac6a
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.equinox.app-1.3.100.v20130327-1442.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.equinox.app\1.3.100.v20130327-1442\cfe0deab8c3c4f4caea3767bc8bbaa4789b8f782\org.eclipse.equinox.app-1.3.100.v20130327-1442.jar
MD5: 2f4d4cc26c71bd7383fd9b7762ed57ae
SHA1: cfe0deab8c3c4f4caea3767bc8bbaa4789b8f782
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

com.ibm.icu-50.1.1.v201304230130.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\com.ibm.icu\50.1.1.v201304230130\ff82137ba65f8676355452edc0ca57975d1b69f4\com.ibm.icu-50.1.1.v201304230130.jar
MD5: cc9d48d40fd8c18a2c4603e8403d6df6
SHA1: ff82137ba65f8676355452edc0ca57975d1b69f4
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.equinox.registry-3.5.400.v20140428-1507.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.equinox.registry\3.5.400.v20140428-1507\897775850f15e1595464bbff11562583b8132499\org.eclipse.equinox.registry-3.5.400.v20140428-1507.jar
MD5: b31d9c600f764fdcafacdef1ba72cb91
SHA1: 897775850f15e1595464bbff11562583b8132499
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.datatools.connectivity.dbdefinition.genericJDBC-1.0.1.v201107221459.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.dbdefinition.genericJDBC\1.0.1.v201107221459\1ee4dc13d331d13f2be2f1cb1b62b789c25db9cc\org.eclipse.datatools.connectivity.dbdefinition.genericJDBC-1.0.1.v201107221459.jar
MD5: 6fdf12a21f1fed08aa2588709699aba1
SHA1: 1ee4dc13d331d13f2be2f1cb1b62b789c25db9cc
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.eclipse.osgi-3.10.1.v20140909-1633.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.osgi\3.10.1.v20140909-1633\e6a47e8e3edaf8b3cf74a1d5540a9c91369fb28a\org.eclipse.osgi-3.10.1.v20140909-1633.jar
MD5: 07e3c874013c7228107c5e0f61a942f5
SHA1: e6a47e8e3edaf8b3cf74a1d5540a9c91369fb28a
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.emf.common-2.10.1.v20140901-1043.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.emf.common\2.10.1.v20140901-1043\4a9dbfa87401190c710c16dcbbc7a2ea7cc3ff70\org.eclipse.emf.common-2.10.1.v20140901-1043.jar
MD5: df980d426f472a019fe8c58f1f420a0b
SHA1: 4a9dbfa87401190c710c16dcbbc7a2ea7cc3ff70
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.datatools.connectivity.sqm.core-1.2.8.v201401230755.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.sqm.core\1.2.8.v201401230755\c0d3d79971a815a4db6c5b009ada4f0f1f44e043\org.eclipse.datatools.connectivity.sqm.core-1.2.8.v201401230755.jar
MD5: 95679c586bf2429199ee06a9ad56a618
SHA1: c0d3d79971a815a4db6c5b009ada4f0f1f44e043
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.eclipse.datatools.connectivity.oda.consumer-3.2.6.v201305170644.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.oda.consumer\3.2.6.v201305170644\45205c69d334dec54f76f8e2a5cacab8accde588\org.eclipse.datatools.connectivity.oda.consumer-3.2.6.v201305170644.jar
MD5: 600a4ccb15bfeb916a514d507e3f6c5d
SHA1: 45205c69d334dec54f76f8e2a5cacab8accde588
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.core.jobs-3.6.0.v20140424-0053.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.core.jobs\3.6.0.v20140424-0053\e013c919510607d9c8ac5585b66ff4ee5e364ec9\org.eclipse.core.jobs-3.6.0.v20140424-0053.jar
MD5: f9c929dce571e15fb713214d4f067470
SHA1: e013c919510607d9c8ac5585b66ff4ee5e364ec9
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition-1.0.4.v201107221502.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition\1.0.4.v201107221502\7ba2ad3443244862426b20f2da73bb78c7223287\org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition-1.0.4.v201107221502.jar
MD5: a3575eef5353ab6e216804bb4b99d36e
SHA1: 7ba2ad3443244862426b20f2da73bb78c7223287
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2007-2582  

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (2) a long packet that generates a "MemTree overflow."

Vulnerable Software & Versions:

CVE-2007-3676  

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-399 Resource Management Errors

IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698.

Vulnerable Software & Versions:

CVE-2007-5090  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors.

Vulnerable Software & Versions:

CVE-2007-5652  

Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.

Vulnerable Software & Versions:

CVE-2008-0699  

Severity: High
CVSS Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors.

Vulnerable Software & Versions:

CVE-2008-1998  

Severity: High
CVSS Score: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)

The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter.

Vulnerable Software & Versions:

CVE-2008-3958  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-3959.

Vulnerable Software & Versions:

CVE-2008-3959  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.

Vulnerable Software & Versions:

CVE-2008-4691  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors.

Vulnerable Software & Versions:

CVE-2008-4692  

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors.

Vulnerable Software & Versions:

CVE-2008-4693  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES."

Vulnerable Software & Versions:

CVE-2009-1239  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query.

Vulnerable Software & Versions:

CVE-2009-1905  

Severity: Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CWE: CWE-287 Improper Authentication

The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.

Vulnerable Software & Versions:

CVE-2009-2858  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure.

Vulnerable Software & Versions:

CVE-2009-2859  

Severity: Medium
CVSS Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command.

Vulnerable Software & Versions:

CVE-2009-2860  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets."

Vulnerable Software & Versions:

CVE-2010-1560  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462.

Vulnerable Software & Versions:

CVE-2011-0731  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors.

Vulnerable Software & Versions:

CVE-2011-0757  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority.

Vulnerable Software & Versions:

CVE-2011-1373  

Severity: Low
CVSS Score: 1.5 (AV:L/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors.

Vulnerable Software & Versions:

CVE-2011-1846  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information.

Vulnerable Software & Versions:

CVE-2011-1847  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:N/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information.

Vulnerable Software & Versions:

CVE-2012-3324  

Severity: High
CVSS Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.

Vulnerable Software & Versions:

org.eclipse.osgi.services-3.3.100.v20130513-1956.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.osgi.services\3.3.100.v20130513-1956\1d73531fac5372870373a06193985611b1239f0c\org.eclipse.osgi.services-3.3.100.v20130513-1956.jar
MD5: 7f7d4198812b01cb7c5a26399af7706f
SHA1: 1d73531fac5372870373a06193985611b1239f0c
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.core.contenttype-3.4.200.v20130326-1255.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.core.contenttype\3.4.200.v20130326-1255\9a032a98b4b139fa91522b10fdc61ffa9864414\org.eclipse.core.contenttype-3.4.200.v20130326-1255.jar
MD5: ae257d3da2fdc3bdd6391fdfcbe9f752
SHA1: 09a032a98b4b139fa91522b10fdc61ffa9864414
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.emf.ecore.change-2.10.0.v20140901-1043.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.emf.ecore.change\2.10.0.v20140901-1043\c42c134004940345d45bf8367dae63c871a2420f\org.eclipse.emf.ecore.change-2.10.0.v20140901-1043.jar
MD5: 374a1da708946f84e519eeed88f7062b
SHA1: c42c134004940345d45bf8367dae63c871a2420f
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.datatools.connectivity.oda.profile-3.2.9.v201403131814.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.oda.profile\3.2.9.v201403131814\2f795c899dac80982e95c9e2d5413ef88031cdab\org.eclipse.datatools.connectivity.oda.profile-3.2.9.v201403131814.jar
MD5: d6c9ad09ad88bc0daf6b3413d14d546b
SHA1: 2f795c899dac80982e95c9e2d5413ef88031cdab
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.core.filesystem-1.4.0.v20130514-1240.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.core.filesystem\1.4.0.v20130514-1240\e26398a301d91db6516debe38664239481d4b309\org.eclipse.core.filesystem-1.4.0.v20130514-1240.jar
MD5: 7f664cc54d9bc005c089087c867e6899
SHA1: e26398a301d91db6516debe38664239481d4b309
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.eclipse.datatools.connectivity-1.2.11.v201401230755.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity\1.2.11.v201401230755\2e2f258cf40953e97423343786eed44aaef5e207\org.eclipse.datatools.connectivity-1.2.11.v201401230755.jar
MD5: c8631d909028582b83a8df2e9691c6b9
SHA1: 2e2f258cf40953e97423343786eed44aaef5e207
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.eclipse.equinox.preferences-3.5.100.v20130422-1538.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.equinox.preferences\3.5.100.v20130422-1538\bc48b6b0c00898d5eb2cbd6024fc0235ae04f3d2\org.eclipse.equinox.preferences-3.5.100.v20130422-1538.jar
MD5: fc94bbfa2dcfe6b40cefce0f5a305f3a
SHA1: bc48b6b0c00898d5eb2cbd6024fc0235ae04f3d2
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.emf.ecore-2.10.1.v20140901-1043.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.emf.ecore\2.10.1.v20140901-1043\2da5a93e1d6eb2b6f78f215accc3304209b26104\org.eclipse.emf.ecore-2.10.1.v20140901-1043.jar
MD5: 28268d1878d5c7fc0248e1d24ca372db
SHA1: 2da5a93e1d6eb2b6f78f215accc3304209b26104
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.core.resources-3.9.1.v20140825-1431.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.core.resources\3.9.1.v20140825-1431\24a0e4b809d9cb102e7bf8123a2844657b916090\org.eclipse.core.resources-3.9.1.v20140825-1431.jar
MD5: 948716ccf019137b26949aab7d2e72f0
SHA1: 24a0e4b809d9cb102e7bf8123a2844657b916090
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.datatools.connectivity.oda.flatfile-3.1.8.v201403010906.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.oda.flatfile\3.1.8.v201403010906\3c62f783f8ac17aca5250f2a640dfd85c1df9178\org.eclipse.datatools.connectivity.oda.flatfile-3.1.8.v201403010906.jar
MD5: 3e014761ed380e969a586131b8138f5f
SHA1: 3c62f783f8ac17aca5250f2a640dfd85c1df9178
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.datatools.enablement.ibm.db2.luw-1.0.2.v201107221502.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.ibm.db2.luw\1.0.2.v201107221502\3e9920ed389a8eba9ba8ce46d0c0e8ac6da5b41d\org.eclipse.datatools.enablement.ibm.db2.luw-1.0.2.v201107221502.jar
MD5: e38c42056dcd4e9928c7f477d936a919
SHA1: 3e9920ed389a8eba9ba8ce46d0c0e8ac6da5b41d
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2007-2582  

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (3) a long packet that generates a "MemTree overflow."

Vulnerable Software & Versions:

CVE-2007-3676  

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-399 Resource Management Errors

IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698.

Vulnerable Software & Versions:

CVE-2007-5090  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors.

Vulnerable Software & Versions:

CVE-2007-5652  

Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.

Vulnerable Software & Versions:

CVE-2008-0699  

Severity: High
CVSS Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors.

Vulnerable Software & Versions:

CVE-2008-1998  

Severity: High
CVSS Score: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)

The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter.

Vulnerable Software & Versions:

CVE-2008-3958  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-3959.

Vulnerable Software & Versions:

CVE-2008-3959  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.

Vulnerable Software & Versions:

CVE-2008-4691  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors.

Vulnerable Software & Versions:

CVE-2008-4692  

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors.

Vulnerable Software & Versions:

CVE-2008-4693  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES."

Vulnerable Software & Versions:

CVE-2009-1239  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query.

Vulnerable Software & Versions:

CVE-2009-1905  

Severity: Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CWE: CWE-287 Improper Authentication

The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.

Vulnerable Software & Versions:

CVE-2009-2858  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure.

Vulnerable Software & Versions:

CVE-2009-2859  

Severity: Medium
CVSS Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command.

Vulnerable Software & Versions:

CVE-2009-2860  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets."

Vulnerable Software & Versions:

CVE-2010-1560  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462.

Vulnerable Software & Versions:

CVE-2011-0731  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors.

Vulnerable Software & Versions:

CVE-2011-0757  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority.

Vulnerable Software & Versions:

CVE-2011-1373  

Severity: Low
CVSS Score: 1.5 (AV:L/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors.

Vulnerable Software & Versions:

CVE-2011-1846  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information.

Vulnerable Software & Versions:

CVE-2011-1847  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:N/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information.

Vulnerable Software & Versions:

CVE-2012-3324  

Severity: High
CVSS Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.

Vulnerable Software & Versions:

org.eclipse.update.configurator-3.3.200.v20130326-1319.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.update.configurator\3.3.200.v20130326-1319\4375455f2f0bd4f014e79758bbb3d4b7340e2943\org.eclipse.update.configurator-3.3.200.v20130326-1319.jar
MD5: 6af0b597ad8ab9b35422f6170e31b594
SHA1: 4375455f2f0bd4f014e79758bbb3d4b7340e2943
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.datatools.connectivity.oda-3.4.3.v201405301249.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.oda\3.4.3.v201405301249\91fa06c7a97275ea799fec9d557fc60def2e443d\org.eclipse.datatools.connectivity.oda-3.4.3.v201405301249.jar
MD5: 27cd0708de3587669ce5757e86d90a42
SHA1: 91fa06c7a97275ea799fec9d557fc60def2e443d
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.emf-2.6.0.v20140901-1055.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.emf\2.6.0.v20140901-1055\11d8c54ef675a951256777a9f36ebf7e1646ffd6\org.eclipse.emf-2.6.0.v20140901-1055.jar
MD5: 9a377c1c93e9f69918196678d59a8ca8
SHA1: 11d8c54ef675a951256777a9f36ebf7e1646ffd6
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.w3c.dom.smil-1.0.0.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.w3c.dom.smil\1.0.0\674bdda9162b48419741da833e445e190f33a58a\org.w3c.dom.smil-1.0.0.jar
MD5: c2494764f38da65d09ce0a0444d00dcd
SHA1: 674bdda9162b48419741da833e445e190f33a58a
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.eclipse.datatools.enablement.hsqldb.dbdefinition-1.0.0.v201107221502.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.hsqldb.dbdefinition\1.0.0.v201107221502\aa3214296e97b4dfd14345acea23f2c92e992c36\org.eclipse.datatools.enablement.hsqldb.dbdefinition-1.0.0.v201107221502.jar
MD5: 05e41d890be61af0474adb514358d03c
SHA1: aa3214296e97b4dfd14345acea23f2c92e992c36
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.eclipse.datatools.modelbase.derby-1.0.0.v201107221519.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.modelbase.derby\1.0.0.v201107221519\93018a0f0e585dd4ceb70e849570d6143034273a\org.eclipse.datatools.modelbase.derby-1.0.0.v201107221519.jar
MD5: 690932e0843d8a64619cc8a9b8e39408
SHA1: 93018a0f0e585dd4ceb70e849570d6143034273a
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.apache.batik.parser-1.6.0.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.parser\1.6.0\5e6dd459704dd6bd168f1b030cb739872e994339\org.apache.batik.parser-1.6.0.jar
MD5: e9438886ce3c270c3ab3d8a3153607c6
SHA1: 5e6dd459704dd6bd168f1b030cb739872e994339
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Vulnerable Software & Versions:

CVE-2017-5662  

Severity: High
CVSS Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.

Vulnerable Software & Versions:

org.eclipse.equinox.common-3.6.200.v20130402-1505.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.equinox.common\3.6.200.v20130402-1505\550778d95ea4d5f2fee765e85eb799cec21067e0\org.eclipse.equinox.common-3.6.200.v20130402-1505.jar
MD5: 551dd5efb955af78e2794fb67a30be0c
SHA1: 550778d95ea4d5f2fee765e85eb799cec21067e0
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.apache.batik.util.gui-1.6.0.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.util.gui\1.6.0\6afa9107935bdeede0487c770bb0537b1a341c81\org.apache.batik.util.gui-1.6.0.jar
MD5: 37cc80a8417e17b2f43b85f871b67714
SHA1: 6afa9107935bdeede0487c770bb0537b1a341c81
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Vulnerable Software & Versions:

CVE-2017-5662  

Severity: High
CVSS Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.

Vulnerable Software & Versions:

javax.xml.stream-1.0.1.v201004272200.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\javax.xml.stream\1.0.1.v201004272200\3a4f0067058e2aa9af1c6e463bc8a147a99681c0\javax.xml.stream-1.0.1.v201004272200.jar
MD5: dfb3dc47c90f4273c2036aab23ee4fe3
SHA1: 3a4f0067058e2aa9af1c6e463bc8a147a99681c0
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.eclipse.datatools.enablement.ibm.informix-1.0.1.v201107221502.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.ibm.informix\1.0.1.v201107221502\8c1d7354580604905a00c7d9acce3fbc5696b537\org.eclipse.datatools.enablement.ibm.informix-1.0.1.v201107221502.jar
MD5: 9ffbdc7f0a83fbbb1d64cb3b9578e3fa
SHA1: 8c1d7354580604905a00c7d9acce3fbc5696b537
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.apache.batik.svggen-1.6.0.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.svggen\1.6.0\5cb65af57bdfd093c47b3cf7bc8bb57e10f5451\org.apache.batik.svggen-1.6.0.jar
MD5: 2239ba844d960edd4874475630daf205
SHA1: 05cb65af57bdfd093c47b3cf7bc8bb57e10f5451
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Vulnerable Software & Versions:

CVE-2017-5662  

Severity: High
CVSS Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.

Vulnerable Software & Versions:

org.apache.batik.dom-1.6.0.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.dom\1.6.0\e9fe8d31ea04c6cd566e35f61524e561821bbe57\org.apache.batik.dom-1.6.0.jar
MD5: d894d215bb57972a2c912016a7c8af26
SHA1: e9fe8d31ea04c6cd566e35f61524e561821bbe57
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Vulnerable Software & Versions:

CVE-2017-5662  

Severity: High
CVSS Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.

Vulnerable Software & Versions:

org.apache.batik.css-1.6.0.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.css\1.6.0\1e54558f0ad4b78f907f3461c14c7a7a91aecab2\org.apache.batik.css-1.6.0.jar
MD5: a6b1201c835cb3e98733bd3214cb460e
SHA1: 1e54558f0ad4b78f907f3461c14c7a7a91aecab2
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Vulnerable Software & Versions:

CVE-2017-5662  

Severity: High
CVSS Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.

Vulnerable Software & Versions:

org.eclipse.datatools.enablement.mysql-1.0.4.v201212120617.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.mysql\1.0.4.v201212120617\b8862d790cf4715ce8b1a5c54d9fa9ee2557154f\org.eclipse.datatools.enablement.mysql-1.0.4.v201212120617.jar
MD5: 44f378e79fa8e6401887f374b6a8ebad
SHA1: b8862d790cf4715ce8b1a5c54d9fa9ee2557154f
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2001-0407  

Severity: Medium
CVSS Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)

Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).

Vulnerable Software & Versions:

CVE-2001-1274  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.

Vulnerable Software & Versions:

CVE-2001-1275  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.

Vulnerable Software & Versions:

CVE-2001-1454  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request.

Vulnerable Software & Versions:

CVE-2003-1331  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)

Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.

Vulnerable Software & Versions:

CVE-2004-0457  

Severity: Medium
CVSS Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)

The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Vulnerable Software & Versions:

CVE-2004-0835  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.

Vulnerable Software & Versions:

CVE-2004-0836  

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).

Vulnerable Software & Versions:

CVE-2004-0837  

Severity: Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)

MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.

Vulnerable Software & Versions:

CVE-2006-7232  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.

Vulnerable Software & Versions:

CVE-2007-1420  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)

MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.

Vulnerable Software & Versions:

CVE-2007-2583  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors

The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.

Vulnerable Software & Versions:

CVE-2007-2691  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:N/I:P/A:P)

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

Vulnerable Software & Versions:

CVE-2007-5925  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.

Vulnerable Software & Versions:

CVE-2008-2079  

Severity: Medium
CVSS Score: 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

Vulnerable Software & Versions:

CVE-2009-0819  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.

Vulnerable Software & Versions:

CVE-2009-4028  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.

Vulnerable Software & Versions:

CVE-2010-1621  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.

Vulnerable Software & Versions:

CVE-2010-1626  

Severity: Low
CVSS Score: 3.6 (AV:L/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.

Vulnerable Software & Versions:

CVE-2010-2008  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.

Vulnerable Software & Versions:

CVE-2010-3677  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.

Vulnerable Software & Versions:

CVE-2010-3682  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.

Vulnerable Software & Versions:

CVE-2012-5627  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 do not modify the salt during multiple executions of the change_user command within the same connection, which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

Vulnerable Software & Versions:

CVE-2013-0375  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.

Vulnerable Software & Versions:

CVE-2014-9906  

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-416 Use After Free

Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.

Vulnerable Software & Versions:

CVE-2015-2575  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)

Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.

Vulnerable Software & Versions:

CVE-2016-1246  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.

Vulnerable Software & Versions:

CVE-2017-10788  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-416 Use After Free

The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.

Vulnerable Software & Versions:

CVE-2017-10789  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-254 Security Features

The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.

Vulnerable Software & Versions:

org.eclipse.datatools.connectivity.db.generic-1.0.1.v201107221459.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.db.generic\1.0.1.v201107221459\4dd3c5554bea2302448e4201167e36e2bf11d383\org.eclipse.datatools.connectivity.db.generic-1.0.1.v201107221459.jar
MD5: 43b6a19ecae85c97702103d4e3aad0e2
SHA1: 4dd3c5554bea2302448e4201167e36e2bf11d383
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.eclipse.datatools.enablement.hsqldb-1.0.0.v201107221502.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.hsqldb\1.0.0.v201107221502\5f987f4588c989290c038bd70460c36caa972c0b\org.eclipse.datatools.enablement.hsqldb-1.0.0.v201107221502.jar
MD5: 7acc8fad3f0bc091eaa32030fb8cdbf5
SHA1: 5f987f4588c989290c038bd70460c36caa972c0b
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.eclipse.datatools.enablement.msft.sqlserver.dbdefinition-1.0.1.v201201240505.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.msft.sqlserver.dbdefinition\1.0.1.v201201240505\d18a0cca80deb6331f1caffea5abc8fa34e2060e\org.eclipse.datatools.enablement.msft.sqlserver.dbdefinition-1.0.1.v201201240505.jar
MD5: 4b552c372d4c69ed407bdc1bf5abbc9a
SHA1: d18a0cca80deb6331f1caffea5abc8fa34e2060e
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.apache.xml.resolver-1.2.0.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.xml.resolver\1.2.0\7c9c22053b04772e81dc62d665b202eeae82ae47\org.apache.xml.resolver-1.2.0.jar
MD5: f29e4c1d4936c28395beee34a755f3a6
SHA1: 7c9c22053b04772e81dc62d665b202eeae82ae47
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.eclipse.datatools.enablement.ibm.informix.dbdefinition-1.0.4.v201107221502.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.ibm.informix.dbdefinition\1.0.4.v201107221502\1587982c1ed42ca42e1fe02f1a3baf1faa4bcbb2\org.eclipse.datatools.enablement.ibm.informix.dbdefinition-1.0.4.v201107221502.jar
MD5: bd94b57db3ac938c9a517371dd9e8923
SHA1: 1587982c1ed42ca42e1fe02f1a3baf1faa4bcbb2
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.datatools.modelbase.sql-1.0.6.v201208230744.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.modelbase.sql\1.0.6.v201208230744\731de727a1154c562038b045fa247716f68e93fe\org.eclipse.datatools.modelbase.sql-1.0.6.v201208230744.jar
MD5: b73d784c71179bd2ab08499c373cd2c0
SHA1: 731de727a1154c562038b045fa247716f68e93fe
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.w3c.dom.svg-1.1.0.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.w3c.dom.svg\1.1.0\9c6413ed43b4e9ba56982a554e03bd012cc44ed9\org.w3c.dom.svg-1.1.0.jar
MD5: dcf64eb5f94cf993600f30aac878d329
SHA1: 9c6413ed43b4e9ba56982a554e03bd012cc44ed9
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.apache.batik.dom.svg-1.6.0.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.dom.svg\1.6.0\ce507ddef394d6c6771bc8692c7db6afb1da4fa0\org.apache.batik.dom.svg-1.6.0.jar
MD5: e3093fc8645d18d9241c1db7b9064e32
SHA1: ce507ddef394d6c6771bc8692c7db6afb1da4fa0
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Vulnerable Software & Versions:

CVE-2017-5662  

Severity: High
CVSS Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.

Vulnerable Software & Versions:

org.apache.batik.ext.awt-1.6.0.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.ext.awt\1.6.0\4df20bee143553a89b26bc06411eb4dcf44ec18e\org.apache.batik.ext.awt-1.6.0.jar
MD5: 66ec3f38f8f1ab368acd97dea9d554a5
SHA1: 4df20bee143553a89b26bc06411eb4dcf44ec18e
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Vulnerable Software & Versions:

CVE-2017-5662  

Severity: High
CVSS Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.

Vulnerable Software & Versions:

org.mozilla.javascript-1.7.2.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.mozilla.javascript\1.7.2\b520e18bd357a47deb2e902ce49533564236219b\org.mozilla.javascript-1.7.2.jar
MD5: ec441f8787033e99da1eb599e021dc78
SHA1: b520e18bd357a47deb2e902ce49533564236219b
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.datatools.enablement.postgresql-1.1.1.v201205252207.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.postgresql\1.1.1.v201205252207\ddd733b059a41aa86aceed5344d1b4799802f5c0\org.eclipse.datatools.enablement.postgresql-1.1.1.v201205252207.jar
MD5: 0e1243739661726d3a98234922777ee9
SHA1: ddd733b059a41aa86aceed5344d1b4799802f5c0
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2007-2138  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."

Vulnerable Software & Versions:

CVE-2007-4772  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.

Vulnerable Software & Versions:

CVE-2010-0733  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors

Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations.

Vulnerable Software & Versions:

CVE-2014-0060  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.

Vulnerable Software & Versions:

CVE-2014-0061  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.

Vulnerable Software & Versions:

CVE-2014-0062  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)
CWE: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.

Vulnerable Software & Versions:

CVE-2014-0063  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.

Vulnerable Software & Versions:

CVE-2014-0064  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-189 Numeric Errors

Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.

Vulnerable Software & Versions:

CVE-2014-0065  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063.

Vulnerable Software & Versions:

CVE-2014-0066  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.

Vulnerable Software & Versions:

CVE-2014-0067  

Severity: Medium
CVSS Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.

Vulnerable Software & Versions:

CVE-2015-3165  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.

Vulnerable Software & Versions:

CVE-2015-5288  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
CWE: CWE-200 Information Exposure

The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.

Vulnerable Software & Versions:

CVE-2015-5289  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.

Vulnerable Software & Versions:

CVE-2016-0766  

Severity: High
CVSS Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.

Vulnerable Software & Versions:

CVE-2016-0768  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-284 Improper Access Control

PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.

Vulnerable Software & Versions:

CVE-2016-0773  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.

Vulnerable Software & Versions:

CVE-2016-5423  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-476 NULL Pointer Dereference

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.

Vulnerable Software & Versions:

CVE-2016-5424  

Severity: Medium
CVSS Score: 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.

Vulnerable Software & Versions:

CVE-2017-7484  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.

Vulnerable Software & Versions:

org.apache.batik.transcoder-1.6.0.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.transcoder\1.6.0\fc5d9326a3195f15781d2fcea862ec1767e30ebf\org.apache.batik.transcoder-1.6.0.jar
MD5: 68731962320372175c3b07cc97ab155b
SHA1: fc5d9326a3195f15781d2fcea862ec1767e30ebf
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Vulnerable Software & Versions:

CVE-2017-5662  

Severity: High
CVSS Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.

Vulnerable Software & Versions:

org.eclipse.datatools.connectivity.apache.derby.dbdefinition-1.0.2.v201107221459.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.apache.derby.dbdefinition\1.0.2.v201107221459\be66d744ac0e8f011055c37eb6c0b0b8de2d0978\org.eclipse.datatools.connectivity.apache.derby.dbdefinition-1.0.2.v201107221459.jar
MD5: 4d3e4a2cbaabc2bfa5aefb557d61ae37
SHA1: be66d744ac0e8f011055c37eb6c0b0b8de2d0978
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2005-4849  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.

Vulnerable Software & Versions:

CVE-2009-4269  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues

The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.

Vulnerable Software & Versions:

org.eclipse.datatools.enablement.oracle-1.0.0.v201107221506.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.oracle\1.0.0.v201107221506\5628f462cfa241fff7b11f1df4c21802f174dd08\org.eclipse.datatools.enablement.oracle-1.0.0.v201107221506.jar
MD5: 4be65c4c38bee9128501d3169da945b2
SHA1: 5628f462cfa241fff7b11f1df4c21802f174dd08
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.apache.batik.util-1.6.0.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.util\1.6.0\74aafd6361820f7e67474e78b16fd4365d1a58a\org.apache.batik.util-1.6.0.jar
MD5: 3db4ec82c64ef8c985a818dc0fcde67e
SHA1: 074aafd6361820f7e67474e78b16fd4365d1a58a
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Vulnerable Software & Versions:

CVE-2017-5662  

Severity: High
CVSS Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.

Vulnerable Software & Versions:

org.eclipse.datatools.enablement.oracle.dbdefinition-1.0.103.v201206010214.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.oracle.dbdefinition\1.0.103.v201206010214\af90f9d09101fb165a260896477c01385b6c8fd1\org.eclipse.datatools.enablement.oracle.dbdefinition-1.0.103.v201206010214.jar
MD5: f7cd9df4d5a76c851f3097996214862b
SHA1: af90f9d09101fb165a260896477c01385b6c8fd1
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.apache.batik.xml-1.6.0.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.xml\1.6.0\8b3fbec88190a39eae4de5088a1199f23526258e\org.apache.batik.xml-1.6.0.jar
MD5: 4291f7898be4dcba99ba8dacfb8e9122
SHA1: 8b3fbec88190a39eae4de5088a1199f23526258e
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Vulnerable Software & Versions:

CVE-2017-5662  

Severity: High
CVSS Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.

Vulnerable Software & Versions:

org.apache.xml.serializer-2.7.1.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.xml.serializer\2.7.1\a8508e22414c8e12cdfdc42b25a7c7efa4004556\org.apache.xml.serializer-2.7.1.jar
MD5: 6bfe11d68939f35a28c21d309835adc3
SHA1: a8508e22414c8e12cdfdc42b25a7c7efa4004556
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.apache.xerces-2.9.0.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.xerces\2.9.0\615a1b724b88b81e8a040ec148fd25368f7b48e5\org.apache.xerces-2.9.0.jar
MD5: 99108dc0a0b108c5f3651f97bdc22084
SHA1: 615a1b724b88b81e8a040ec148fd25368f7b48e5
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.datatools.modelbase.sql.query-1.1.4.v201212120619.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.modelbase.sql.query\1.1.4.v201212120619\663bfc41efd6030a37f7e6e7baf3b259606c1bcc\org.eclipse.datatools.modelbase.sql.query-1.1.4.v201212120619.jar
MD5: c5bdb5c33253c78e9cf3fceb476357f2
SHA1: 663bfc41efd6030a37f7e6e7baf3b259606c1bcc
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.eclipse.datatools.modelbase.dbdefinition-1.0.2.v201107221519.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.modelbase.dbdefinition\1.0.2.v201107221519\725b5a9cbd280b8e6c9a6fd32cbe44bf1aae10a3\org.eclipse.datatools.modelbase.dbdefinition-1.0.2.v201107221519.jar
MD5: 8bf72752aec7975cbe3fc13a56137975
SHA1: 725b5a9cbd280b8e6c9a6fd32cbe44bf1aae10a3
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.eclipse.datatools.enablement.mysql.dbdefinition-1.0.4.v201109022331.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.mysql.dbdefinition\1.0.4.v201109022331\7b1abc387591d4a9427bb13344243a220a5d751b\org.eclipse.datatools.enablement.mysql.dbdefinition-1.0.4.v201109022331.jar
MD5: dfa223ea33f41fe22cf29c3e57248628
SHA1: 7b1abc387591d4a9427bb13344243a220a5d751b
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2001-0407  

Severity: Medium
CVSS Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)

Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).

Vulnerable Software & Versions:

CVE-2001-1274  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.

Vulnerable Software & Versions:

CVE-2001-1275  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.

Vulnerable Software & Versions:

CVE-2001-1454  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request.

Vulnerable Software & Versions:

CVE-2003-1331  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)

Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.

Vulnerable Software & Versions:

CVE-2004-0457  

Severity: Medium
CVSS Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)

The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Vulnerable Software & Versions:

CVE-2004-0835  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.

Vulnerable Software & Versions:

CVE-2004-0836  

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).

Vulnerable Software & Versions:

CVE-2004-0837  

Severity: Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)

MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.

Vulnerable Software & Versions:

CVE-2006-7232  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.

Vulnerable Software & Versions:

CVE-2007-1420  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)

MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.

Vulnerable Software & Versions:

CVE-2007-2583  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors

The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.

Vulnerable Software & Versions:

CVE-2007-2691  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:N/I:P/A:P)

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

Vulnerable Software & Versions:

CVE-2007-5925  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.

Vulnerable Software & Versions:

CVE-2008-2079  

Severity: Medium
CVSS Score: 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

Vulnerable Software & Versions:

CVE-2009-0819  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.

Vulnerable Software & Versions:

CVE-2009-4028  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.

Vulnerable Software & Versions:

CVE-2010-1621  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.

Vulnerable Software & Versions:

CVE-2010-1626  

Severity: Low
CVSS Score: 3.6 (AV:L/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.

Vulnerable Software & Versions:

CVE-2010-2008  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.

Vulnerable Software & Versions:

CVE-2010-3677  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.

Vulnerable Software & Versions:

CVE-2010-3682  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.

Vulnerable Software & Versions:

CVE-2012-5627  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

Vulnerable Software & Versions:

CVE-2013-0375  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.

Vulnerable Software & Versions:

CVE-2014-9906  

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-416 Use After Free

Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.

Vulnerable Software & Versions:

CVE-2015-2575  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)

Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.

Vulnerable Software & Versions:

CVE-2016-1246  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.

Vulnerable Software & Versions:

CVE-2017-10788  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-416 Use After Free

The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.

Vulnerable Software & Versions:

CVE-2017-10789  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-254 Security Features

The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.

Vulnerable Software & Versions:

org.eclipse.orbit.mongodb-2.10.1.v20130422-1135.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.orbit.mongodb\2.10.1.v20130422-1135\98f0232dc80679a3f5c1effe15344dc7ceac98dc\org.eclipse.orbit.mongodb-2.10.1.v20130422-1135.jar
MD5: aeb824a874797d3ce55dec345ab6d44c
SHA1: 98f0232dc80679a3f5c1effe15344dc7ceac98dc
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2014-8180  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-287 Improper Authentication

MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.

Vulnerable Software & Versions:

CVE-2016-6494  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.

Vulnerable Software & Versions:

javax.wsdl-1.5.1.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\javax.wsdl\1.5.1\29ec6b1964b05d6ff9728226d2a1e61fab3ac95c\javax.wsdl-1.5.1.jar
MD5: bf0c1e9a2431ee46940855f7c92628d8
SHA1: 29ec6b1964b05d6ff9728226d2a1e61fab3ac95c
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

Tidy-1.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\Tidy\1\63b1e38f4ca630dbac3d2072cda2a9336914d10c\Tidy-1.jar
MD5: 00418be9ec69f7f9a2dda911a1e77eaf
SHA1: 63b1e38f4ca630dbac3d2072cda2a9336914d10c
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.eclipse.datatools.enablement.postgresql.dbdefinition-1.0.2.v201110070445.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.postgresql.dbdefinition\1.0.2.v201110070445\8021bc614192f060a880cc407aba8adcfea6fb7f\org.eclipse.datatools.enablement.postgresql.dbdefinition-1.0.2.v201110070445.jar
MD5: 505940588e48631bd378b83030fa966e
SHA1: 8021bc614192f060a880cc407aba8adcfea6fb7f
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2007-2138  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."

Vulnerable Software & Versions:

CVE-2007-4772  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.

Vulnerable Software & Versions:

CVE-2010-0733  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors

Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations.

Vulnerable Software & Versions:

CVE-2014-0060  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.

Vulnerable Software & Versions:

CVE-2014-0061  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.

Vulnerable Software & Versions:

CVE-2014-0062  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)
CWE: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.

Vulnerable Software & Versions:

CVE-2014-0063  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.

Vulnerable Software & Versions:

CVE-2014-0064  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-189 Numeric Errors

Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.

Vulnerable Software & Versions:

CVE-2014-0065  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063.

Vulnerable Software & Versions:

CVE-2014-0066  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.

Vulnerable Software & Versions:

CVE-2014-0067  

Severity: Medium
CVSS Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.

Vulnerable Software & Versions:

CVE-2015-3165  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.

Vulnerable Software & Versions:

CVE-2015-5288  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
CWE: CWE-200 Information Exposure

The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.

Vulnerable Software & Versions:

CVE-2015-5289  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.

Vulnerable Software & Versions:

CVE-2016-0766  

Severity: High
CVSS Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.

Vulnerable Software & Versions:

CVE-2016-0768  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-284 Improper Access Control

PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.

Vulnerable Software & Versions:

CVE-2016-0773  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.

Vulnerable Software & Versions:

CVE-2016-5423  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-476 NULL Pointer Dereference

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.

Vulnerable Software & Versions:

CVE-2016-5424  

Severity: Medium
CVSS Score: 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.

Vulnerable Software & Versions:

CVE-2017-7484  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.

Vulnerable Software & Versions:

org.w3c.css.sac-1.3.0.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.w3c.css.sac\1.3.0\8dfb0e08c19f3b47290096d27ab71ed4f2a5000a\org.w3c.css.sac-1.3.0.jar
MD5: 5e7f05aba6c35250a6f0345a5f9c8ca0
SHA1: 8dfb0e08c19f3b47290096d27ab71ed4f2a5000a
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.eclipse.datatools.enablement.msft.sqlserver-1.0.2.v201212120617.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.msft.sqlserver\1.0.2.v201212120617\bff9658c0858cea81b373f1488274a1d9d200cc6\org.eclipse.datatools.enablement.msft.sqlserver-1.0.2.v201212120617.jar
MD5: 17b87437049e6d36e46af23c8e4faac8
SHA1: bff9658c0858cea81b373f1488274a1d9d200cc6
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

flute-1.3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.milyn\flute\1.3\b7d59dc172005598b55699b1a75605b13c14f1fd\flute-1.3.jar
MD5: 2f2e13cd3523c545dd1c4617b373692c
SHA1: b7d59dc172005598b55699b1a75605b13c14f1fd
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

org.eclipse.datatools.connectivity.apache.derby-1.0.103.v201212070447.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.apache.derby\1.0.103.v201212070447\2257789d5761585d498d13bb2269c180c970f28d\org.eclipse.datatools.connectivity.apache.derby-1.0.103.v201212070447.jar
MD5: b9aeb8aeaa0809e9dc4a15388ec82d8f
SHA1: 2257789d5761585d498d13bb2269c180c970f28d
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2005-4849  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.

Vulnerable Software & Versions:

CVE-2009-4269  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues

The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.

Vulnerable Software & Versions:

org.eclipse.datatools.connectivity.console.profile-1.0.10.v201109250955.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.console.profile\1.0.10.v201109250955\2c338e35fc23603cea9ebaf5177a0c042f38eea1\org.eclipse.datatools.connectivity.console.profile-1.0.10.v201109250955.jar
MD5: 9b8e7f6c69a0bf165645503775af9154
SHA1: 2c338e35fc23603cea9ebaf5177a0c042f38eea1
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.apache.commons.codec-1.3.0.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.commons.codec\1.3.0\72c73f3729b4ca49dac8691fb5adb194e8595799\org.apache.commons.codec-1.3.0.jar
MD5: e411b9d204b1a91d62b830a86e1f44ff
SHA1: 72c73f3729b4ca49dac8691fb5adb194e8595799
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

com.lowagie.text-2.1.7.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\com.lowagie.text\2.1.7\18d4c7c2014447eacfd00c65c717b3cfc422407b\com.lowagie.text-2.1.7.jar
MD5: af7c1521ab58701d3a0cadc29ef3d15a
SHA1: 18d4c7c2014447eacfd00c65c717b3cfc422407b
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2009-4521  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

Vulnerable Software & Versions:

org.apache.batik.bridge-1.6.0.jar

Description: A component of the BIRT runtime

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.bridge\1.6.0\e2db6eb9029356884f123a60e9b72a51919e9a6f\org.apache.batik.bridge-1.6.0.jar
MD5: e0136e6d36f5140dfea96ff1f3fea441
SHA1: e2db6eb9029356884f123a60e9b72a51919e9a6f
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2015-0250  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

Vulnerable Software & Versions:

CVE-2017-5662  

Severity: High
CVSS Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.

Vulnerable Software & Versions:

aopalliance-1.0.jar

Description: AOP Alliance

License:

Public Domain
File Path: Z:\Gradle\caches\modules-2\files-2.1\aopalliance\aopalliance\1.0\235ba8b489512805ac13a8f9ea77a1ca5ebe3e8\aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jaxb-impl-2.1.9.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\com.sun.xml.bind\jaxb-impl\2.1.9\9c137963871ba7296643806b01083e4cf1703769\jaxb-impl-2.1.9.jar
MD5: 8f7f2e5ceca330ebfeea5db52a891f8f
SHA1: 9c137963871ba7296643806b01083e4cf1703769
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

person-directory-api-1.5.0-RC5.jar

Description: Provides a general interface for accessing attributes for a person.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jasig.service\person-directory-api\1.5.0-RC5\a2f4804d335d3cfe6a4bb3407dcf9fb88d396700\person-directory-api-1.5.0-RC5.jar
MD5: 342160c7a8e7d47a934fc442503f219b
SHA1: a2f4804d335d3cfe6a4bb3407dcf9fb88d396700
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

spring-context-2.5.6.SEC01.jar

Description: Spring Framework: Context

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-context\2.5.6.SEC01\30ab3c56aa2ca6d9e4a194a36ac0679df2fd108\spring-context-2.5.6.SEC01.jar
MD5: fc87e3ecd8faa9306fe3657955e35315
SHA1: 030ab3c56aa2ca6d9e4a194a36ac0679df2fd108
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • cpe: cpe:/a:springsource:spring_framework:2.5.6.sec01   Confidence:Low   
  • maven: org.springframework:spring-context:2.5.6.SEC01    Confidence:Highest
  • cpe: cpe:/a:pivotal:spring_framework:2.5.6.sec01   Confidence:Low   
  • cpe: cpe:/a:pivotal_software:spring_framework:2.5.6.sec01   Confidence:Low   
  • cpe: cpe:/a:vmware:springsource_spring_framework:2.5.6.sec01   Confidence:Low   

CVE-2011-2730  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-16 Configuration

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."

Vulnerable Software & Versions:

CVE-2013-4152  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2013-6429  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

Vulnerable Software & Versions:

CVE-2013-7315  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.

Vulnerable Software & Versions:

CVE-2014-0054  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.

Vulnerable Software & Versions:

CVE-2014-1904  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.

Vulnerable Software & Versions:

CVE-2016-9878  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Vulnerable Software & Versions:

spring-tx-2.5.6.SEC01.jar

Description: Spring Framework: Transaction

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-tx\2.5.6.SEC01\4af6ff118eb394f804fe3a96f3e3f323a5de5ff6\spring-tx-2.5.6.SEC01.jar
MD5: d3823f3cc0feeb18a6e89a1ff833a08e
SHA1: 4af6ff118eb394f804fe3a96f3e3f323a5de5ff6
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • cpe: cpe:/a:springsource:spring_framework:2.5.6.sec01   Confidence:Low   
  • maven: org.springframework:spring-tx:2.5.6.SEC01    Confidence:Highest
  • cpe: cpe:/a:pivotal:spring_framework:2.5.6.sec01   Confidence:Low   
  • cpe: cpe:/a:pivotal_software:spring_framework:2.5.6.sec01   Confidence:Low   
  • cpe: cpe:/a:vmware:springsource_spring_framework:2.5.6.sec01   Confidence:Low   

CVE-2011-2730  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-16 Configuration

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."

Vulnerable Software & Versions:

CVE-2013-4152  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2013-6429  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

Vulnerable Software & Versions:

CVE-2013-7315  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.

Vulnerable Software & Versions:

CVE-2014-0054  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.

Vulnerable Software & Versions:

CVE-2014-1904  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.

Vulnerable Software & Versions:

CVE-2016-9878  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Vulnerable Software & Versions:

spring-context-support-2.5.6.SEC01.jar

Description: Spring Framework: Context Support

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-context-support\2.5.6.SEC01\3a88bce8e22a274f116d4fb3dcc936d088fff014\spring-context-support-2.5.6.SEC01.jar
MD5: e3f6c6bd31d9bca3d9c73693ce37f55c
SHA1: 3a88bce8e22a274f116d4fb3dcc936d088fff014
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • maven: org.springframework:spring-context-support:2.5.6.SEC01    Confidence:Highest
  • cpe: cpe:/a:springsource:spring_framework:2.5.6.sec01   Confidence:Low   
  • cpe: cpe:/a:pivotal:spring_framework:2.5.6.sec01   Confidence:Low   
  • cpe: cpe:/a:pivotal_software:spring_framework:2.5.6.sec01   Confidence:Low   
  • cpe: cpe:/a:vmware:springsource_spring_framework:2.5.6.sec01   Confidence:Low   

CVE-2011-2730  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-16 Configuration

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."

Vulnerable Software & Versions:

CVE-2013-4152  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2013-6429  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

Vulnerable Software & Versions:

CVE-2013-7315  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.

Vulnerable Software & Versions:

CVE-2014-0054  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.

Vulnerable Software & Versions:

CVE-2014-1904  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.

Vulnerable Software & Versions:

CVE-2016-9878  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Vulnerable Software & Versions:

spring-web-2.5.6.SEC01.jar

Description: Spring Framework: Web

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-web\2.5.6.SEC01\6a5711a5a29cf25603892c2bace8bbe3bf062834\spring-web-2.5.6.SEC01.jar
MD5: 042b8195b45e7a61c017e8304b3c6dd1
SHA1: 6a5711a5a29cf25603892c2bace8bbe3bf062834
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • cpe: cpe:/a:springsource:spring_framework:2.5.6.sec01   Confidence:Low   
  • cpe: cpe:/a:pivotal:spring_framework:2.5.6.sec01   Confidence:Low   
  • maven: org.springframework:spring-web:2.5.6.SEC01    Confidence:Highest
  • cpe: cpe:/a:pivotal_software:spring_framework:2.5.6.sec01   Confidence:Low   
  • cpe: cpe:/a:vmware:springsource_spring_framework:2.5.6.sec01   Confidence:Low   

CVE-2011-2730  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-16 Configuration

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."

Vulnerable Software & Versions:

CVE-2013-4152  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2013-6429  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

Vulnerable Software & Versions:

CVE-2013-7315  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.

Vulnerable Software & Versions:

CVE-2014-0054  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.

Vulnerable Software & Versions:

CVE-2014-1904  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.

Vulnerable Software & Versions:

CVE-2016-9878  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Vulnerable Software & Versions:

hibernate-3.2.6.ga.jar

Description: Relational Persistence for Java

License:

GNU LESSER GENERAL PUBLIC LICENSE: http://www.gnu.org/licenses/lgpl.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.hibernate\hibernate\3.2.6.ga\dd982c3d5c28c956aa4fa9112258cb3013606ddd\hibernate-3.2.6.ga.jar
MD5: 5fc853b674c28384719ad7f846ea4dce
SHA1: dd982c3d5c28c956aa4fa9112258cb3013606ddd
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

hibernate-commons-annotations-3.0.0.ga.jar

Description: Hibernate Commons Annotations is a utility project used by annotations based Hibernate sub-projects.

License:

GNU LESSER GENERAL PUBLIC LICENSE: http://www.gnu.org/licenses/lgpl.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.hibernate\hibernate-commons-annotations\3.0.0.ga\c8f53732fe3b75935f0550bdc3ba92bc9345360f\hibernate-commons-annotations-3.0.0.ga.jar
MD5: 1ccefbe43fedffc16835ceb1a777d199
SHA1: c8f53732fe3b75935f0550bdc3ba92bc9345360f
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

ejb3-persistence-1.0.1.GA.jar

Description: Java Persistence API

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.hibernate\ejb3-persistence\1.0.1.GA\f502b2c96c95e087435c79d3d6c9aa85bb1154bc\ejb3-persistence-1.0.1.GA.jar
MD5: d46c8f0555d95027269259dd04f6b10c
SHA1: f502b2c96c95e087435c79d3d6c9aa85bb1154bc
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

aspectjweaver-1.5.3.jar

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\aspectj\aspectjweaver\1.5.3\4040e72d0dda6e9a03d879835cd3f70f19284c34\aspectjweaver-1.5.3.jar
MD5: 06464d01316d851e8dac161847e98f4c
SHA1: 4040e72d0dda6e9a03d879835cd3f70f19284c34
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

aspectjrt-1.5.3.jar

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\aspectj\aspectjrt\1.5.3\80e9fde0223721baefb5df5f251888cc2456ed6\aspectjrt-1.5.3.jar
MD5: 6b097361bf7d1643bba896eb6b9ff156
SHA1: 080e9fde0223721baefb5df5f251888cc2456ed6
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

ognl-2.6.9.jar

Description: OGNL stands for Object-Graph Navigation Language; it is an expression language for getting and setting properties of Java objects.

License:

BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\ognl\ognl\2.6.9\fad9692184899994e977b647998f9fa4a9cfec35\ognl-2.6.9.jar
MD5: fb4d30eab3ed221ada77479685d608c2
SHA1: fad9692184899994e977b647998f9fa4a9cfec35
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • cpe: cpe:/a:ognl_project:ognl:2.6.9   Confidence:Low   
  • maven: ognl:ognl:2.6.9    Confidence:Highest

CVE-2016-3093  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.

Vulnerable Software & Versions:

spring-binding-1.0.6.jar

Description: Spring Data Binding Framework

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-binding\1.0.6\c2789e5215ed30d4d9e06873097c8bab8ae97109\spring-binding-1.0.6.jar
MD5: a8bca088c4e5ef2a395b5d784c6aa180
SHA1: c2789e5215ed30d4d9e06873097c8bab8ae97109
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • cpe: cpe:/a:pivotal:spring_framework:1.0.6   Confidence:Low   
  • cpe: cpe:/a:vmware:springsource_spring_framework:1.0.6   Confidence:Low   
  • cpe: cpe:/a:pivotal_software:spring_framework:1.0.6   Confidence:Low   
  • cpe: cpe:/a:springsource:spring_framework:1.0.6   Confidence:Low   
  • maven: org.springframework:spring-binding:1.0.6    Confidence:Highest

CVE-2011-2730  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-16 Configuration

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."

Vulnerable Software & Versions:

CVE-2013-4152  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2013-6429  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

Vulnerable Software & Versions:

CVE-2013-7315  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.

Vulnerable Software & Versions:

CVE-2014-0054  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.

Vulnerable Software & Versions:

CVE-2014-1904  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.

Vulnerable Software & Versions:

CVE-2016-9878  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Vulnerable Software & Versions:

plexus-utils-1.5.6.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.plexus\plexus-utils\1.5.6\8fb6b798a4036048b3005e058553bf21a87802ed\plexus-utils-1.5.6.jar
MD5: d6070c2e77ca56adafa953215ddf744b
SHA1: 8fb6b798a4036048b3005e058553bf21a87802ed
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

maven-scm-provider-svn-commons-1.4.jar

Description: Common library for SCM SVN Provider.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.maven.scm\maven-scm-provider-svn-commons\1.4\54bc1dc24c5d205b4d251a83f4ea63808c21a628\maven-scm-provider-svn-commons-1.4.jar
MD5: 09e3cb24fa48c3d6427e1d2b79b42d26
SHA1: 54bc1dc24c5d205b4d251a83f4ea63808c21a628
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

regexp-1.3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\regexp\regexp\1.3\973df2b78b67bcd3144c3dbbb88da691065a3f8d\regexp-1.3.jar
MD5: 6dcdc325850e40b843cac2a25fb2121e
SHA1: 973df2b78b67bcd3144c3dbbb88da691065a3f8d
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jaxb-api-2.1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.xml.bind\jaxb-api\2.1\b2dfeed54ac106bcd714ba59c1f52ef9167d56e\jaxb-api-2.1.jar
MD5: 63f750861245626b7338e2d2e6a33068
SHA1: 0b2dfeed54ac106bcd714ba59c1f52ef9167d56e
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • maven: javax.xml.bind:jaxb-api:2.1   Confidence:Highest

ehcache-1.2.3.jar

Description:  ehcache is a pure Java, in-process cache with the following features: 1. Fast. 2. Simple. 3. Multiple eviction policies: LRU, LFU and FIFO. 4. Caches can be in memory or on disk. 5. Disk Stores can be persistent between VM restarts. 6. Distributed caching using multicast and RMI, with a pluggable API. 7. Cache and CacheManager listeners 8. Supports multiple Caches per CacheManager, and multiple CacheManagers per application. 9. Acts as a pluggable cache for Hibernate 3.1, 3 and 2.1. 10. Small foot print. Both in terms of size and memory requirements. 11. Minimal dependencies apart from J2SE. 12. Fully documented. See the online Documentation and the online JavaDoc. 13. Comprehensive Test Coverage. See the clover test report. 14. Available under the Apache 1.1 license. EHCache's copyright and licensing has been reviewed and approved by the Apache Software Foundation, making EHCache suitable for use in Apache projects. 15. Production tested. EHCache is used on a large and very busy eCommerce site. 16. Web caching, pull-through caches and other common caching implementations are provided in the ehcache-constructs module.

License:

The Apache Software License, Version 2.0: http://ehcache.sourceforge.net/LICENSE.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\net.sf.ehcache\ehcache\1.2.3\461752b4e3d73a5815737df243782ac70112b489\ehcache-1.2.3.jar
MD5: e26a78a6249bb308dc13c2c5a7980567
SHA1: 461752b4e3d73a5815737df243782ac70112b489
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jta-1.0.1B.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.transaction\jta\1.0.1B\3dd157a4f4fe115ac5d165d6c21463d0ce9e3c7b\jta-1.0.1B.jar
MD5: c6e3e528816227b97f6b21f709641f8f
SHA1: 3dd157a4f4fe115ac5d165d6c21463d0ce9e3c7b
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • maven: javax.transaction:jta:1.0.1B   Confidence:Highest

asm-attrs-1.5.3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\asm\asm-attrs\1.5.3\911ca40cdb527969ee47dc6f782425d94a36b510\asm-attrs-1.5.3.jar
MD5: 2f222ca7499ed5bc49fe25a1182c59f7
SHA1: 911ca40cdb527969ee47dc6f782425d94a36b510
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

antlr-2.7.6.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\antlr\antlr\2.7.6\cf4f67dae5df4f9932ae7810f4548ef3e14dd35e\antlr-2.7.6.jar
MD5: 97c6bb68108a3d68094eab0f67157962
SHA1: cf4f67dae5df4f9932ae7810f4548ef3e14dd35e
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

cglib-2.1_3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\cglib\cglib\2.1_3\d3851e366b9fe8b7d8215de0f9eb980b359d8de0\cglib-2.1_3.jar
MD5: ce1dce4a5f6865fb88d4c7c2728b78ed
SHA1: d3851e366b9fe8b7d8215de0f9eb980b359d8de0
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

asm-1.5.3.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\asm\asm\1.5.3\63a2715c39c9e97f88fe371d4441a1b3493d74f9\asm-1.5.3.jar
MD5: ea4119d1471fc3c1af6b216815bd666c
SHA1: 63a2715c39c9e97f88fe371d4441a1b3493d74f9
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

stax-api-1.0-2.jar

Description:  StAX is a standard XML processing API that allows you to stream XML data from and to your application.

License:

GNU General Public Library: http://www.gnu.org/licenses/gpl.txt
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: http://www.sun.com/cddl/cddl.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.xml.stream\stax-api\1.0-2\d6337b0de8b25e53e81b922352fbea9f9f57ba0b\stax-api-1.0-2.jar
MD5: 7d18b63063580284c3f5734081fdc99f
SHA1: d6337b0de8b25e53e81b922352fbea9f9f57ba0b
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

geronimo-jta_1.1_spec-1.1.1.jar

Description: Provides open-source implementations of Sun specifications.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.geronimo.specs\geronimo-jta_1.1_spec\1.1.1\aabab3165b8ea936b9360abbf448459c0d04a5a4\geronimo-jta_1.1_spec-1.1.1.jar
MD5: 4aa8d50456bcec0bf6f032ceb182ad64
SHA1: aabab3165b8ea936b9360abbf448459c0d04a5a4
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

commons-io-2.5.jar

Description:  The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-io\commons-io\2.5\2852e6e05fbb95076fc091f6d1780f1f8fe35e0f\commons-io-2.5.jar
MD5: e2d74794fba570ec2115fb9d5b05dc9b
SHA1: 2852e6e05fbb95076fc091f6d1780f1f8fe35e0f
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jackson-databind-2.8.9.jar

Description: General data-binding functionality for Jackson: works on core streaming API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.fasterxml.jackson.core\jackson-databind\2.8.9\4dfca3975be3c1a98eacb829e70f02e9a71bc159\jackson-databind-2.8.9.jar
MD5: 2d8f44c15feb8d76271ee7c5258b2072
SHA1: 4dfca3975be3c1a98eacb829e70f02e9a71bc159
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

curvesapi-1.04.jar

Description: Implementation of various mathematical curves that define themselves over a set of control points. The API is written in Java. The curves supported are: Bezier, B-Spline, Cardinal Spline, Catmull-Rom Spline, Lagrange, Natural Cubic Spline, and NURBS.

License:

BSD License: http://opensource.org/licenses/BSD-3-Clause
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.github.virtuald\curvesapi\1.04\3386abf821719bc89c7685f9eaafaf4a842f0199\curvesapi-1.04.jar
MD5: 0dcbd9b7e498d1118c920d1d55046743
SHA1: 3386abf821719bc89c7685f9eaafaf4a842f0199
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

guava-20.0.jar

Description:  Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.google.guava\guava\20.0\89507701249388e1ed5ddcf8c41f4ce1be7831ef\guava-20.0.jar
MD5: f32a8a2524620dbecc9f6bf6a20c293f
SHA1: 89507701249388e1ed5ddcf8c41f4ce1be7831ef
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

commons-beanutils-1.9.3.jar

Description: Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-beanutils\commons-beanutils\1.9.3\c845703de334ddc6b4b3cd26835458cb1cba1f3d\commons-beanutils-1.9.3.jar
MD5: 4a105c9d029a7edc6f2b16567d37eab6
SHA1: c845703de334ddc6b4b3cd26835458cb1cba1f3d
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

fontbox-2.0.6.jar

Description:  The Apache FontBox library is an open source Java tool to obtain low level information from font files. FontBox is a subproject of Apache PDFBox.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.pdfbox\fontbox\2.0.6\33f44ea67f1b5ab314e2d5768365b1a3e794fb3b\fontbox-2.0.6.jar
MD5: 531ddd3206dfae487d792261ac6d8d54
SHA1: 33f44ea67f1b5ab314e2d5768365b1a3e794fb3b
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

batik-css-1.9.jar

Description: Batik CSS engine

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-css\1.9\3eb0bdc9dedd2e33e7ace50e01eab16741fcb689\batik-css-1.9.jar
MD5: b639d437fb054a7d20043b8be6d3e0fa
SHA1: 3eb0bdc9dedd2e33e7ace50e01eab16741fcb689
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

serializer-2.7.2.jar

Description:  Serializer to write out XML, HTML etc. as a stream of characters from an input DOM or from input SAX events.

File Path: Z:\Gradle\caches\modules-2\files-2.1\xalan\serializer\2.7.2\24247f3bb052ee068971393bdb83e04512bb1c3c\serializer-2.7.2.jar
MD5: e8325763fd4235f174ab7b72ed815db1
SHA1: 24247f3bb052ee068971393bdb83e04512bb1c3c
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • cpe: cpe:/a:apache:xalan-java:2.7.2   Confidence:Low   
  • maven: xalan:serializer:2.7.2    Confidence:Highest

protobuf-java-3.1.0.jar

Description:  Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format.

License:

http://www.opensource.org/licenses/bsd-license.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.google.protobuf\protobuf-java\3.1.0\e13484d9da178399d32d2d27ee21a77cfb4b7873\protobuf-java-3.1.0.jar
MD5: 6fcd9d8f757eea48ac7f3e1b279f94e8
SHA1: e13484d9da178399d32d2d27ee21a77cfb4b7873
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

CVE-2015-5237  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.

Vulnerable Software & Versions:

httpmime-4.5.3.jar

Description:  Apache HttpComponents HttpClient - MIME coded entities

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.httpcomponents\httpmime\4.5.3\889fd6d061bb63b99dd5c6aba35a555ae863de52\httpmime-4.5.3.jar
MD5: a00b6287cab2ad554ae3cbdbe983dc88
SHA1: 889fd6d061bb63b99dd5c6aba35a555ae863de52
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

woodstox-core-asl-4.4.1.jar

Description: Woodstox is a high-performance XML processor that implements Stax (JSR-173) and SAX2 APIs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.woodstox\woodstox-core-asl\4.4.1\84fee5eb1a4a1cefe65b6883c73b3fa83be3c1a1\woodstox-core-asl-4.4.1.jar
MD5: 1f53f91f117288fb2ef2e120f27e5498
SHA1: 84fee5eb1a4a1cefe65b6883c73b3fa83be3c1a1
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

asm-5.1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.ow2.asm\asm\5.1\5ef31c4fe953b1fd00b8a88fa1d6820e8785bb45\asm-5.1.jar
MD5: 3770466405f163d6616b65c32e16a3cd
SHA1: 5ef31c4fe953b1fd00b8a88fa1d6820e8785bb45
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

xercesImpl-2.9.1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\xerces\xercesImpl\2.9.1\1136d197e2755bbde296ceee217ec5fe2917477b\xercesImpl-2.9.1.jar
MD5: da09b75b562ca9a8e9a535d2148be8e4
SHA1: 1136d197e2755bbde296ceee217ec5fe2917477b
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • maven: xerces:xercesImpl:2.9.1   Confidence:Highest

poi-ooxml-schemas-3.17-beta1.jar

Description: Apache POI - Java API To Access Microsoft Format Files

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.poi\poi-ooxml-schemas\3.17-beta1\99811dc063afea4cde813726ba6f45f724bf2c3b\poi-ooxml-schemas-3.17-beta1.jar
MD5: b7b030b06cc81a9a5cb325b5a0ef1244
SHA1: 99811dc063afea4cde813726ba6f45f724bf2c3b
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

stax-api-1.0.1.jar

Description: StAX API is the standard java XML processing API defined by JSR-173

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\stax\stax-api\1.0.1\49c100caf72d658aca8e58bd74a4ba90fa2b0d70\stax-api-1.0.1.jar
MD5: 7d436a53c64490bee564c576babb36b4
SHA1: 49c100caf72d658aca8e58bd74a4ba90fa2b0d70
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

spring-beans-2.5.6.jar

Description: Spring Framework: Beans

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-beans\2.5.6\449ea46b27426eb846611a90b2fb8b4dcf271191\spring-beans-2.5.6.jar
MD5: 25c0752852205167af8f31a1eb019975
SHA1: 449ea46b27426eb846611a90b2fb8b4dcf271191
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • cpe: cpe:/a:vmware:springsource_spring_framework:2.5.6   Confidence:Low   
  • maven: org.springframework:spring-beans:2.5.6    Confidence:Highest
  • cpe: cpe:/a:pivotal_software:spring_framework:2.5.6   Confidence:Low   
  • cpe: cpe:/a:springsource:spring_framework:2.5.6   Confidence:Highest   
  • cpe: cpe:/a:pivotal:spring_framework:2.5.6   Confidence:Low   

CVE-2010-1622  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.

Vulnerable Software & Versions:

CVE-2011-2730  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-16 Configuration

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."

Vulnerable Software & Versions:

CVE-2013-4152  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2013-6429  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

Vulnerable Software & Versions:

CVE-2013-7315  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.

Vulnerable Software & Versions:

CVE-2014-0054  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.

Vulnerable Software & Versions:

CVE-2014-1904  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.

Vulnerable Software & Versions:

CVE-2016-9878  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Vulnerable Software & Versions:

servlet-api-2.4.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.servlet\servlet-api\2.4\3fc542fe8bb8164e8d3e840fe7403bc0518053c0\servlet-api-2.4.jar
MD5: f6cf3fde0b992589ed3d87fa9674015f
SHA1: 3fc542fe8bb8164e8d3e840fe7403bc0518053c0
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jackson-annotations-2.8.0.jar

Description: Core annotations used for value types, used by Jackson data binding package.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.fasterxml.jackson.core\jackson-annotations\2.8.0\45b426f7796b741035581a176744d91090e2e6fb\jackson-annotations-2.8.0.jar
MD5: 288e6537849f0c63e76409b515c4fbe4
SHA1: 45b426f7796b741035581a176744d91090e2e6fb
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

jackson-core-2.8.9.jar

Description: Core Jackson abstractions, basic JSON streaming API implementation

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.fasterxml.jackson.core\jackson-core\2.8.9\569b1752705da98f49aabe2911cc956ff7d8ed9d\jackson-core-2.8.9.jar
MD5: 99213f4905cdaa83dc8cf19718bdc4c5
SHA1: 569b1752705da98f49aabe2911cc956ff7d8ed9d
Referenced In Projects/Scopes:
  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

juel-spi-2.2.7.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\de.odysseus.juel\juel-spi\2.2.7\ca146332a93720784f24a5a24bb71c6d545133bd\juel-spi-2.2.7.jar
MD5: a4df3c8482a97ae937081b7d0ab407bb
SHA1: ca146332a93720784f24a5a24bb71c6d545133bd
Referenced In Projects/Scopes:

  • default
  • runtime

Identifiers

barcode4j-fop-ext-2.1.jar

Description: Barcode4J is a flexible generator for barcodes written in Java.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\net.sf.barcode4j\barcode4j-fop-ext\2.1\38749ed6e6412628c45d5ba344a0ab796e6807f9\barcode4j-fop-ext-2.1.jar
MD5: c78625e84ca0fd2853cf327505d99396
SHA1: 38749ed6e6412628c45d5ba344a0ab796e6807f9
Referenced In Projects/Scopes:
  • default
  • runtime

Identifiers

barcode4j-2.1.jar

Description: Barcode4J is a flexible generator for barcodes written in Java.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\net.sf.barcode4j\barcode4j\2.1\4b38b2219c0d522fcea8238493f2ea3e238ef529\barcode4j-2.1.jar
MD5: 4fc30cdb7b1abaf1ce08f26b0666e351
SHA1: 4b38b2219c0d522fcea8238493f2ea3e238ef529
Referenced In Projects/Scopes:
  • default
  • runtime

Identifiers

axis2-transport-http-1.7.1.jar

Description: This includes all the available transports in Axis2

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.axis2\axis2-transport-http\1.7.1\54b345d733908b3fc830ac87ede303ec2b7d8c3b\axis2-transport-http-1.7.1.jar
MD5: 58ea78d154f92057c9644f21e99e91c8
SHA1: 54b345d733908b3fc830ac87ede303ec2b7d8c3b
Referenced In Projects/Scopes:

  • default
  • runtime

Identifiers

CVE-2012-4418  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication

Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

Vulnerable Software & Versions:

CVE-2012-5351  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.

Vulnerable Software & Versions:

axis2-transport-local-1.7.1.jar

Description: This includes all the available transports in Axis2

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.axis2\axis2-transport-local\1.7.1\cfda1532e74015dd978b3d046b19a2749ac300b1\axis2-transport-local-1.7.1.jar
MD5: 64540c40f6be6421a7e5db8ab7446c5d
SHA1: cfda1532e74015dd978b3d046b19a2749ac300b1
Referenced In Projects/Scopes:
  • default
  • runtime

Identifiers

CVE-2012-4418  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication

Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

Vulnerable Software & Versions:

CVE-2012-5351  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.

Vulnerable Software & Versions:

derby-10.14.1.0.jar

Description: Contains the core Apache Derby database engine, which also includes the embedded JDBC driver.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.derby\derby\10.14.1.0\3bcd8b1af3f8cd022d54d331e00064776be04f9c\derby-10.14.1.0.jar
MD5: 798a9e88c1c8146aa74e0686d2ad5598
SHA1: 3bcd8b1af3f8cd022d54d331e00064776be04f9c
Referenced In Projects/Scopes:

  • default
  • runtime

Identifiers

geronimo-jaxrpc_1.1_spec-1.1.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.geronimo.specs\geronimo-jaxrpc_1.1_spec\1.1\b0b1d499b5c7f53ed65fa1aadd6cfaf743480e1b\geronimo-jaxrpc_1.1_spec-1.1.jar
MD5: ee8d28584b602a03da5f9b4c068b2d53
SHA1: b0b1d499b5c7f53ed65fa1aadd6cfaf743480e1b
Referenced In Projects/Scopes:

  • default
  • runtime

Identifiers

log4j-1.2-api-2.9.1.jar

Description: The Apache Log4j 1.x Compatibility API

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.logging.log4j\log4j-1.2-api\2.9.1\894f96d677880d4ab834a1356f62b875e579caaa\log4j-1.2-api-2.9.1.jar
MD5: eefa95ef2969b469e09aef2acc06c834
SHA1: 894f96d677880d4ab834a1356f62b875e579caaa
Referenced In Projects/Scopes:
  • default
  • runtime

Identifiers

log4j-core-2.9.1.jar

Description: The Apache Log4j Implementation

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.logging.log4j\log4j-core\2.9.1\c041978c686866ee8534f538c6220238db3bb6be\log4j-core-2.9.1.jar
MD5: 942f429eacb8015e18d8f59996cfbee6
SHA1: c041978c686866ee8534f538c6220238db3bb6be
Referenced In Projects/Scopes:
  • default
  • runtime

Identifiers

log4j-jul-2.9.1.jar

Description: The Apache Log4j implementation of java.util.logging

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.logging.log4j\log4j-jul\2.9.1\20950ce865fde280a81b99787dd5b66bf5ea571f\log4j-jul-2.9.1.jar
MD5: a4eef3268c4a641ad97de87b89cef043
SHA1: 20950ce865fde280a81b99787dd5b66bf5ea571f
Referenced In Projects/Scopes:
  • default
  • runtime

Identifiers

log4j-slf4j-impl-2.9.1.jar

Description: The Apache Log4j SLF4J API binding to Log4j 2 Core

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.logging.log4j\log4j-slf4j-impl\2.9.1\a97a849b18b3798c4af1a2ca5b10c66cef17e3a\log4j-slf4j-impl-2.9.1.jar
MD5: efe1d1f6d8e4ead7710d1481144702b8
SHA1: 0a97a849b18b3798c4af1a2ca5b10c66cef17e3a
Referenced In Projects/Scopes:
  • default
  • runtime

Identifiers

batik-all-1.8pre-r1084380.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codeartisans.thirdparties.swing\batik-all\1.8pre-r1084380\2898c85b844ad4db731d8dbd7bac395bece5bead\batik-all-1.8pre-r1084380.jar
MD5: 6b971c2c943d0d398744774c3df092bc
SHA1: 2898c85b844ad4db731d8dbd7bac395bece5bead
Referenced In Projects/Scopes:

  • default
  • runtime

Identifiers

avalon-framework-impl-4.2.0.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\avalon-framework\avalon-framework-impl\4.2.0\4da1db18947eb6950abb7ad79253011b9aec0e48\avalon-framework-impl-4.2.0.jar
MD5: 5c1f8f5c8c6c043538fc4ea038c2aaf6
SHA1: 4da1db18947eb6950abb7ad79253011b9aec0e48
Referenced In Projects/Scopes:

  • default
  • runtime

Identifiers

slf4j-api-1.7.25.jar

Description: The slf4j API

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.slf4j\slf4j-api\1.7.25\da76ca59f6a57ee3102f8f9bd9cee742973efa8a\slf4j-api-1.7.25.jar
MD5: caafe376afb7086dcbee79f780394ca3
SHA1: da76ca59f6a57ee3102f8f9bd9cee742973efa8a
Referenced In Projects/Scopes:

  • default
  • runtime

Identifiers

xml-apis-2.0.2.jar

Description: xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\xml-apis\xml-apis\2.0.2\3136ca936f64c9d68529f048c2618bd356bf85c9\xml-apis-2.0.2.jar
MD5: 458715c0f7646a56b1c6ad3138098beb
SHA1: 3136ca936f64c9d68529f048c2618bd356bf85c9
Referenced In Projects/Scopes:
  • default
  • runtime

Identifiers

junit-4.12.jar

Description: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.

License:

Eclipse Public License 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\junit\junit\4.12\2973d150c0dc1fefe998f834810d68f278ea58ec\junit-4.12.jar
MD5: 5b38c40c97fbd0adee29f91e60405584
SHA1: 2973d150c0dc1fefe998f834810d68f278ea58ec
Referenced In Project/Scope: junitReport

Identifiers

ant-junit-1.9.7.jar

Description: contains the junit and junitreport tasks

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ant\ant-junit\1.9.7\12629dc0fe3bc89199f83c1cbf7f844f2d0801de\ant-junit-1.9.7.jar
MD5: d2aea68c381c3f5ba9267d6e487283b2
SHA1: 12629dc0fe3bc89199f83c1cbf7f844f2d0801de
Referenced In Project/Scope: junitReport

Identifiers

ant-1.9.7.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ant\ant\1.9.7\3b2a10512ee6537d3852c9b693a0284dcab5de68\ant-1.9.7.jar
MD5: a14502c25ee6bc76c4614315845b29e9
SHA1: 3b2a10512ee6537d3852c9b693a0284dcab5de68
Referenced In Project/Scope: junitReport

Identifiers

ant-launcher-1.9.7.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ant\ant-launcher\1.9.7\224857a490283e72da13ffe3082dea62c558ec76\ant-launcher-1.9.7.jar
MD5: f099489fbe6cc9665cb690b4b03cf48c
SHA1: 224857a490283e72da13ffe3082dea62c558ec76
Referenced In Project/Scope: junitReport

Identifiers

ehcache-core-2.6.2.jar: sizeof-agent.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\net.sf.ehcache\ehcache-core\2.6.2\3baecd92015a9f8fe4cf51c8b5d3a5bddcdd3e86\ehcache-core-2.6.2.jar\net\sf\ehcache\pool\sizeof\sizeof-agent.jar
MD5: 5ad919b3ac0516897bdca079c9a222a8
SHA1: e86399a80ae6a6c7a563717eaa0ce9ba4708571c
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • maven: net.sf.ehcache:sizeof-agent:1.0.1   Confidence:High

org.eclipse.core.resources-3.9.1.v20140825-1431.jar: resources-ant.jar

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.core.resources\3.9.1.v20140825-1431\24a0e4b809d9cb102e7bf8123a2844657b916090\org.eclipse.core.resources-3.9.1.v20140825-1431.jar\ant_tasks\resources-ant.jar
MD5: 2e3d89f3c01f0deec05a4d04db4b67bd
SHA1: ac97fcd1a043208b58e6ec13c2708e5cbfdf9a55
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • None

jna-4.1.0.jar: jnidispatch.dll

File Path: Z:\Gradle\caches\modules-2\files-2.1\net.java.dev.jna\jna\4.1.0\1c12d070e602efd8021891cdd7fd18bc129372d4\jna-4.1.0.jar\com\sun\jna\w32ce-arm\jnidispatch.dll
MD5: 57697cbdd321ae7d06f5da04e821f908
SHA1: 67167f2b2fce8db5f9f64a372b0da54730d3ee51
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • None

jna-4.1.0.jar: jnidispatch.dll

File Path: Z:\Gradle\caches\modules-2\files-2.1\net.java.dev.jna\jna\4.1.0\1c12d070e602efd8021891cdd7fd18bc129372d4\jna-4.1.0.jar\com\sun\jna\win32-x86\jnidispatch.dll
MD5: 05a72ada9247aeb114a9ef01a394b6c4
SHA1: 8b32cc82740fc62afdf5ea211f1ca8bb72269bbf
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • None

jna-4.1.0.jar: jnidispatch.dll

File Path: Z:\Gradle\caches\modules-2\files-2.1\net.java.dev.jna\jna\4.1.0\1c12d070e602efd8021891cdd7fd18bc129372d4\jna-4.1.0.jar\com\sun\jna\win32-x86-64\jnidispatch.dll
MD5: 06b2f1f909d2436dff20d7a668ef26a9
SHA1: bd1bdda9a91f3b0d9067e323f7394bef933f81f6
Referenced In Projects/Scopes:

  • compileClasspath
  • compileOnly
  • default
  • compile
  • runtime

Identifiers

  • None

axiom-impl-1.2.20.jar\META-INF/maven/org.apache.ws.commons.axiom/om-aspects/pom.xml

Description: Contains aspects and implementation classes shared by LLOM and DOOM.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ws.commons.axiom\axiom-impl\1.2.20\fdb6f7eb20dfaab2ee513e734defc7219aed046\axiom-impl-1.2.20.jar\META-INF/maven/org.apache.ws.commons.axiom/om-aspects/pom.xml
MD5: 7f02e0ca90a6665816fc893a3acafd3b
SHA1: 703278a88f4fb1a9873ab94791dced7d062328a6

Identifiers

  • maven: org.apache.ws.commons.axiom:om-aspects:1.2.20   Confidence:High

axiom-impl-1.2.20.jar\META-INF/maven/org.apache.ws.commons.axiom/core-aspects/pom.xml

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ws.commons.axiom\axiom-impl\1.2.20\fdb6f7eb20dfaab2ee513e734defc7219aed046\axiom-impl-1.2.20.jar\META-INF/maven/org.apache.ws.commons.axiom/core-aspects/pom.xml
MD5: 0d677d188261ef28a2284a35201b2eff
SHA1: 4856c617c643824475dbf1f0c6cf20b0ee50040a

Identifiers

  • maven: org.apache.ws.commons.axiom:core-aspects:1.2.20   Confidence:High

axiom-impl-1.2.20.jar\META-INF/maven/org.apache.ws.commons.axiom/shared-aspects/pom.xml

Description: Contains mixins for methods that are shared between DOM and Axiom.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ws.commons.axiom\axiom-impl\1.2.20\fdb6f7eb20dfaab2ee513e734defc7219aed046\axiom-impl-1.2.20.jar\META-INF/maven/org.apache.ws.commons.axiom/shared-aspects/pom.xml
MD5: 8f639f2c9858ae41c1e2f57cd34d6ca6
SHA1: f9a7026ba8e0e7dcd007e59ced1616ef97baae5a

Identifiers

  • maven: org.apache.ws.commons.axiom:shared-aspects:1.2.20   Confidence:High

axiom-impl-1.2.20.jar\META-INF/maven/org.apache.ws.commons.axiom/xml-utils/pom.xml

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ws.commons.axiom\axiom-impl\1.2.20\fdb6f7eb20dfaab2ee513e734defc7219aed046\axiom-impl-1.2.20.jar\META-INF/maven/org.apache.ws.commons.axiom/xml-utils/pom.xml
MD5: 2ec9363a7e3f21a1d4339a43c0b75da5
SHA1: ffb6b61ba49ff6627eb0cadaee9f766f70324871

Identifiers

  • maven: org.apache.ws.commons.axiom:xml-utils:1.2.20   Confidence:High

htrace-core-3.2.0-incubating.jar\META-INF/maven/commons-logging/commons-logging/pom.xml

Description: Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.htrace\htrace-core\3.2.0-incubating\8797cf3230f01e8724ef27a0ed565dabb6998c64\htrace-core-3.2.0-incubating.jar\META-INF/maven/commons-logging/commons-logging/pom.xml
MD5: 976d812430b8246deeaf2ea54610f263
SHA1: 76672afb562b9e903674ad3a544cdf2092f1faa3

Identifiers

  • maven: commons-logging:commons-logging:1.1.1   Confidence:High

plexus-utils-1.5.6.jar\META-INF/maven/org.codehaus.plexus/plexus-interpolation/pom.xml

File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.plexus\plexus-utils\1.5.6\8fb6b798a4036048b3005e058553bf21a87802ed\plexus-utils-1.5.6.jar\META-INF/maven/org.codehaus.plexus/plexus-interpolation/pom.xml
MD5: 61795135733295c9aa438fda7b923db8
SHA1: 1074eabfbcbfb0decfe6f9ed0541668e114b9311

Identifiers

  • maven: org.codehaus.plexus:plexus-interpolation:1.0   Confidence:High


This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the Node Security Platform.